CVE-2023-7330: CWE-434 Unrestricted Upload of File with Dangerous Type in Beijing Star-Net Ruijie Network Technology Co., Ltd. NBR Series Routers
Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi/server/fileupload.php. The endpoint accepts attacker-supplied values in the name and uploadDir parameters and saves the provided multipart file content without adequate validation or sanitization of file type, path, or extension. A remote attacker can upload a crafted PHP file and then access it from the web root, resulting in arbitrary code execution in the context of the web service. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-14 UTC.
AI Analysis
Technical Summary
CVE-2023-7330 is a CWE-434 (Unrestricted Upload of File with Dangerous Type) flaw in Beijing Star-Net Ruijie Network Technology Co., Ltd.'s NBR series routers. The web management service exposes /ddi/server/fileupload.php, which writes the body of a multipart upload to a location derived from the client-supplied name and uploadDir parameters without validating the file name, the target directory, the file type, or the extension. An unauthenticated remote attacker can therefore write a PHP script into a directory served by the web server and execute it with a follow-up HTTP request, gaining code execution as the web service user. No authentication or user interaction is required, so the flaw is exploitable by anyone who can reach the management interface. The CVSS 4.0 base vector as published (AV:N/AC:L/AT:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N) encodes network attack vector, low attack complexity, no attack requirements, no user interaction, and high confidentiality, integrity and availability impact on the vulnerable device; the Privileges Required (PR) metric is absent from the vector as reproduced here, so confirm the score against the CVE record before relying on it. The record links no public exploit code, but the Shadowserver Foundation observed exploitation in the wild on 2025-01-14, so the vulnerability must be treated as actively targeted. The record names the NBR series without listing fixed versions and links no vendor patch, so all NBR firmware should be considered affected until the vendor states otherwise. Successful exploitation gives full control of the router, from which an attacker can intercept, manipulate or disrupt traffic and pivot into the networks behind it.
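The following is an added hardening example, not Ruijie's code and not taken from the advisory. It shows what an upload handler that receives the same two untrusted inputs (a client-chosen `name` and `uploadDir`) has to do to close the CWE-434 hole described above: treat `uploadDir` as a key into a server-side map rather than a path, reduce `name` to a validated base name, allowlist the final extension, reject executable extensions anywhere in the name, sniff the body for PHP open tags, and prove the canonical destination is still below the upload root. The allowlists, the map of directories and the upload root are assumptions chosen for the example.

```python
import os
import posixpath

# Added hardening example for the CWE-434 pattern in CVE-2023-7330. This is NOT Ruijie
# code; it is a hypothetical replacement for an upload handler that, like the vulnerable
# endpoint, receives a client-chosen `name` and `uploadDir`. The allowlists are assumptions.
ALLOWED_EXTENSIONS = {"txt", "log", "csv", "png", "jpg"}          # assumption: what the feature needs
EXECUTABLE_EXTENSIONS = {"php", "php3", "php4", "php5", "php7",  # anything the web server may run
                         "phtml", "phar", "inc", "cgi", "sh"}
ALLOWED_DIRS = {"logs": "logs", "images": "img"}                  # assumption: client key -> real subdir
PHP_OPEN_TAGS = (b"<?php", b"<?=")


class UploadRejected(ValueError):
    """Raised when any of the checks below fails."""


def safe_upload_path(upload_root: str, upload_dir: str, name: str, content: bytes) -> str:
    """Return the canonical destination path or raise UploadRejected.

    Unlike the vulnerable endpoint, `upload_dir` is a key into a server-side map
    (never a path) and `name` is reduced to a validated base name.
    """
    root = os.path.realpath(upload_root)

    # 1. Directory: look the client value up instead of joining it into a path.
    if upload_dir not in ALLOWED_DIRS:
        raise UploadRejected(f"uploadDir not permitted: {upload_dir!r}")
    subdir = ALLOWED_DIRS[upload_dir]

    # 2. File name: drop any directory part (either separator), NULs and dot names.
    base = posixpath.basename(name.replace("\\", "/"))
    if base in ("", ".", "..") or "\x00" in base:
        raise UploadRejected(f"bad file name: {name!r}")

    # 3. Extension: the final extension must be allowlisted, and no executable extension
    #    may appear anywhere in the name (catches shell.php.jpg on lax handler configs).
    #    Dot-files such as .htaccess end up with extension "htaccess" and are rejected too.
    exts = base.lower().split(".")[1:]
    if not exts or exts[-1] not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension not allowed: {base!r}")
    if any(e in EXECUTABLE_EXTENSIONS for e in exts):
        raise UploadRejected(f"executable extension in name: {base!r}")

    # 4. Content: a PHP open tag inside an "image" or "log" is never legitimate here.
    head = content[:4096]
    if any(tag in head for tag in PHP_OPEN_TAGS):
        raise UploadRejected("PHP code detected in upload body")

    # 5. Canonicalize and prove the result is still below the upload root.
    final = os.path.realpath(os.path.join(root, subdir, base))
    if os.path.commonpath([root, final]) != root:
        raise UploadRejected("destination escapes upload root")
    return final


def is_safe_upload(upload_root: str, upload_dir: str, name: str, content: bytes) -> bool:
    """Convenience wrapper: True if the upload would be accepted."""
    try:
        safe_upload_path(upload_root, upload_dir, name, content)
        return True
    except UploadRejected:
        return False


if __name__ == "__main__":
    root = "/var/www/uploads"   # assumption: upload root outside the web root
    for args in [("logs", "report.txt", b"ok"),
                 ("../../html", "report.txt", b"ok"),
                 ("images", "shell.php", b"<?php echo 1; ?>"),
                 ("images", "shell.php.jpg", b"\xff\xd8"),
                 ("images", "photo.jpg", b"<?php echo 1; ?>"),
                 ("logs", ".htaccess", b"AddType application/x-httpd-php .jpg")]:
        print(args[:2], "accepted" if is_safe_upload(root, *args) else "rejected")
```

The point of step 1 is that the client never supplies a path at all; the upload root should also live outside any web-served directory, so that even a file that slips through the name checks is not reachable by URL, which is the second half of the fix the vulnerable endpoint lacks.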
Potential Impact
For European organizations, the impact of CVE-2023-7330 is substantial. A compromised NBR series router gives an attacker a position on the network edge: they can read or redirect traffic passing through it, reach internal hosts behind it, exfiltrate data, and install persistent backdoors in the device's firmware or web root. Organizations in telecommunications, government, finance and energy that deploy these routers as their perimeter face the highest risk. Because exploitation requires neither credentials nor user interaction, an exposed management interface is sufficient for an attacker to bypass perimeter defences and gain a foothold. The consequences span all three security properties: loss of confidentiality of traffic and stored credentials, loss of integrity through traffic manipulation, and loss of availability if the device is disabled or taken over. Compromised edge devices are also routinely used as infrastructure for larger campaigns, so an exploited router can be turned against third parties as well as its owner. With no vendor patch linked at the time of disclosure and exploitation already observed in the wild, the exposure window is open now, and defensive action cannot wait for a fix.
Mitigation Recommendations
Given the lack of official patches, European organizations should implement the following mitigations:
1) Restrict access to the web management interface, and in particular to /ddi/server/fileupload.php, to trusted management networks with firewall rules or access control lists. The interface should not be reachable from the Internet at all; an Internet-exposed NBR router should be assumed to have been probed since January 2025.
2) Deploy IDS/IPS or WAF rules that alert on any request to /ddi/server/fileupload.php, and on subsequent requests for .php paths on the device that are not part of the firmware's known set of scripts (a newly appearing script fetched shortly after an upload is the signature of a web shell).
3) Audit the device: review web server logs for POST requests to the endpoint, and list recently created or modified .php files under the web root. Treat any unexpected file as evidence of compromise, preserve it for analysis, and rebuild the device from known-good firmware rather than simply deleting the file, since a foothold may already extend beyond the web root.
4) Disable the file upload functionality if the device configuration allows it; where it does not, isolate the management interface on a dedicated management VLAN.
5) Engage the vendor for a security advisory, and apply the fixed firmware as soon as it is released.
6) Segment the network so that the router's management plane is separated from user and server traffic, limiting what an attacker can reach from a compromised device.
7) Monitor for anomalous web service behaviour on the device, and rotate every credential stored on or used by the router (local admin accounts, VPN secrets, SNMP communities, RADIUS keys) after any suspected exploitation, since a compromised router exposes all of them.
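As an added illustration of the log-based checks in items 2 and 3, the script below is example detection logic written for this page, not a Ruijie tool or a vendor-supplied rule. It parses combined-format web server log lines and applies two heuristics: every request to /ddi/server/fileupload.php is reported, and a 200 response for a script path outside a baseline of known-good scripts, from an IP that POSTed to the endpoint within the preceding ten minutes, is flagged as a probable web shell. The log lines are constructed for the example, and the baseline of legitimate script paths and the time window are assumptions that must be tailored to the real firmware.

```python
import re
from datetime import datetime, timedelta

# Added detection example; not Ruijie's code or logs. The log lines are CONSTRUCTED
# in Apache/nginx combined format to illustrate the pattern. Which PHP paths are
# "known good" on a real device is an assumption that must be tailored per firmware.
UPLOAD_ENDPOINT = "/ddi/server/fileupload.php"
KNOWN_SCRIPTS = {"/login.php", "/index.php"}   # assumption: legitimate baseline
SCRIPT_EXTENSIONS = (".php", ".phtml", ".phar")
WINDOW = timedelta(minutes=10)                  # upload -> first execution window (assumption)

SAMPLE_LOG = """\
203.0.113.7 - - [14/Jan/2025:03:12:01 +0000] "POST /ddi/server/fileupload.php HTTP/1.1" 200 42 "-" "python-requests/2.31"
203.0.113.7 - - [14/Jan/2025:03:12:03 +0000] "GET /x.php HTTP/1.1" 200 512 "-" "python-requests/2.31"
198.51.100.4 - - [14/Jan/2025:08:00:10 +0000] "GET /login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.4 - - [14/Jan/2025:08:00:15 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [14/Jan/2025:09:30:00 +0000] "POST /ddi/server/fileupload.php HTTP/1.1" 200 42 "-" "curl/8.4.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line: str):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        "target": m["target"],
        "path": m["target"].split("?", 1)[0],
        "status": int(m["status"]),
    }


def find_suspicious(lines):
    """Return (ip, rule, target) tuples in time order.

    Rule 1: any request to the upload endpoint is reported; on a device whose
            management plane is properly restricted there should be none.
    Rule 2: a 200 response for a script path outside the known baseline, from an IP
            that POSTed to the endpoint within WINDOW, is flagged as a probable web shell.
    """
    events = [e for e in map(parse_line, lines) if e]
    events.sort(key=lambda e: e["ts"])
    findings = []
    last_upload = {}   # ip -> timestamp of its most recent POST to the endpoint
    for e in events:
        if e["path"] == UPLOAD_ENDPOINT:
            findings.append((e["ip"], "upload_endpoint_hit", e["target"]))
            if e["method"] == "POST":
                last_upload[e["ip"]] = e["ts"]
            continue
        if (e["status"] == 200
                and e["path"].lower().endswith(SCRIPT_EXTENSIONS)
                and e["path"] not in KNOWN_SCRIPTS):
            seen = last_upload.get(e["ip"])
            if seen is not None and e["ts"] - seen <= WINDOW:
                findings.append((e["ip"], "webshell_after_upload", e["target"]))
    return findings


if __name__ == "__main__":
    for ip, rule, target in find_suspicious(SAMPLE_LOG.splitlines()):
        print(f"{ip:15} {rule:24} {target}")
```

The name and uploadDir parameters travel in the multipart body, which a standard access log does not record, so the detection keys on the endpoint itself and on the upload-then-execute sequence rather than on parameter values. An attacker who waits longer than the window, or executes the shell from a second address, defeats rule 2, which is why rule 1 reports every endpoint hit unconditionally; on the device side, the file listing in item 3 remains the authoritative check.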
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulnCheck
- Date Reserved: 2025-11-24T19:18:42.972Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 6924c2e2e1f3fb2621f8d201
Added to database: 11/24/2025, 8:41:06 PM
Last enriched: 12/1/2025, 9:38:20 PM
Last updated: 12/3/2025, 8:49:49 AM