JVNDB-2025-000087

Ruijie Networks RG-EST300 undocumented SSH functionality

Overview

The RG-EST300 provided by Ruijie Networks includes SSH server functionality that is not documented in the manual and is enabled in the initial configuration.
  • Hidden functionality (CWE-912) - CVE-2025-58778

Ryu Kuki, Iwaki Miyamoto, Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University reported this vulnerability to the developer and coordinated. After the coordination was completed, they reported the case to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.

CVSS Severity

CVSS V3 Severity:
Base Metrics 7.2 (High) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Affected Products

Ruijie Networks
  • RG-EST300 AP_3.0(1)B2P18_EST300_06210514
  • RG-EST300 AP_3.0(1)B2P10_EST300_06151523
  • RG-EST300 AP_3.0(1)B2P10_EST300_05232216
  • RG-EST300 AP_3.0(1)B2P10_EST300_05220814

According to the developer, the affected products are no longer supported.

Impact

Anyone who knows the related credentials can log in to the affected device, which may lead to information disclosure, alteration of system configurations, or a denial-of-service (DoS) condition.

Solution

[Stop using the products]
Affected products are no longer supported. It is strongly recommended that users discontinue their use and switch to supported alternatives.
For more information, refer to the information provided by the developer.

Vendor Information

Ruijie Networks

CWE

  1. No Mapping (CWE-Other) [IPA Evaluation]

CVE

  1. CVE-2025-58778

References

  1. JVN : JVN#72648885

Revision History

  • [2025/10/16]
      Web page was published