Vulnerabilities

CVE-2023-7330 - Ruijie Networks NBR Routers Unauthenticated Arbitrary File Upload via fileupload.php

2025-11-24 4 views admin

CVE ID : CVE-2023-7330 Published : Nov. 24, 2025, 9:16 p.m. | 57 minutes ago Description : Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi/server/fileupload.php. The endpoint accepts attacker-supplied values in the name and uploadDir parameters and saves the provided multipart file content without adequate validation or sanitization of file type, path, or extension. A remote attacker can upload a crafted PHP file and then access it from the web root, resulting in arbitrary code execution in the context of the web service. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-14 UTC. Severity: 9.3 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2023-7330

Severity

CRITICAL

Published

Nov. 24, 2025

Affected Product: php

Impact: code execution

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2023-7330criticalphp

CVE-2023-7330 - Ruijie Networks NBR Routers Unauthenticated Arbitrary File Upload via fileupload.php

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-13753 - WP Table Builder <= 2.0.19 - incorrect authorization to authenticated (subscribe

CVE-2025-13628 - Tutor LMS – eLearning and online course solution <= 3.9.3 - missing authorizatio

CVE-2025-69194 - Wget2: arbitrary file write via metalink path traversal in gnu wget2 - 2025 Update

CVE-2025-14937 - Frontend Admin by DynamiApps <= 3.28.23 - unauthenticated stored cross-site scri

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting