CVE-2026-14736
Ruijie · RG-UAC
Ruijie RG-UAC contains vulnerabilities related to unrestricted file uploads and improper access controls, potentially allowing unauthorized system interaction.
Executive summary
The Ruijie RG-UAC gateway is susceptible to critical access control and file upload vulnerabilities that could allow an unauthenticated attacker to compromise system integrity.
Vulnerability
This vulnerability involves CWE-434 (Unrestricted Upload) and CWE-284 (Improper Access Control). These flaws permit an unauthenticated remote attacker to bypass security mechanisms and potentially upload arbitrary files to the appliance.
Business impact
The ability to perform unauthorized file uploads on a network gateway poses a severe risk to organizational security. A successful exploit could lead to full system compromise, unauthorized network access, or the deployment of persistent backdoors. Given the CVSS score of 7.3, this is considered a high-severity issue that requires immediate attention to prevent data exfiltration and network disruption.
Remediation
Immediate Action: Contact Ruijie support or monitor the official vendor portal for a security patch addressing these specific CWEs.
Proactive Monitoring: Inspect system logs for unusual file upload activity or unauthorized configuration changes within the RG-UAC management interface.
Compensating Controls: Implement strict network segmentation and ensure the management interface of the RG-UAC is not exposed to the public internet.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Organizations utilizing Ruijie RG-UAC should prioritize restricting access to the management console to authorized internal networks only. Until a formal vendor patch is released, treat this device as a high-risk asset and apply all available hardening measures to mitigate the risk of unauthorized file execution.