CVE-2025-56752: Remote Attackers Can Gain Full Administrative Access to Affected Ruijie Networks Devices Without Authentication

Ruijie Networks has released a security advisory addressing a critical vulnerability in its Reyee RG-ES series switches that could allow attackers to modify device login credentials without authorization. The flaw, tracked as CVE-2025-56752, carries a CVSS score of 9.4, making it a high-risk issue for organizations relying on these switches in production environments.

According to the advisory, “A vulnerability that allows unauthorized password modification exists in some Ruijie Reyee RG-ES series. Attackers can exploit this vulnerability to modify the device’s eWeb login password.”

In practice, remote attackers can gain full administrative access to affected devices without authentication. This enables complete control over configuration, traffic, and device behavior.

The vulnerability impacts multiple models across the RG-ES and RG-NIS series, including:

• RG-ES series:
  • RG-ES216GC-V2, RG-ES224GC-V2, RG-ES220GS-P, RG-ES228GS-P
  • RG-ES209GC-P, RG-ES205GC-P, RG-ES205GC, RG-ES208GC
  • RG-ES206GS-P, RG-ES210GS-P, RG-ES218GC-P, RG-ES226GC-P
  • RG-ES206GC-P, RG-ES216GC, RG-ES224GC, RG-ES210GC-LP
  • RG-ES206MG-P, RG-ES209MG-P
• RG-NIS series:
  • RG-NIS2100-8GT2SFP-HP, RG-NIS2100-4GT2SFP-HP

Ruijie has released patched firmware versions to address the issue. Depending on the affected model, users should upgrade to one of the following:

• ESW_1.0(1)B1P48 or later
• Release(12142711) or Release(12162701) or later

Devices that support automatic updates will prompt users to install the fix. Alternatively, administrators can download updated firmware from the official Ruijie Networks website or request it through local after-sales support.

Ruijie credited its internal R&D team and security researcher Tal Hershberg with discovering and responsibly disclosing the vulnerability.

Organizations using affected Ruijie devices should:

1. Update immediately to the patched firmware version applicable to their model.
2. Restrict management interface access to trusted administrative networks only.
3. Enable multi-layer authentication where possible to protect access.
4. Monitor for suspicious configuration changes or unexpected login attempts.

Related Posts:

• Open Sesame Attack: Ruijie Networks Devices Vulnerable to Remote Takeover
• Microsoft modifies open source code and causes RCE flaw in Windows Defender
• Hacker successfully exploit the Nintendo Switch
• GitHub Now Supports Google Social Login: Streamlined Sign-in for Developers