
CVE-2025-56107: n/a

Published: Thu Dec 11 2025 (12/11/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the submit_wifi in file /usr/lib/lua/luci/controller/admin/common_quick_config.lua.

AI-Powered Analysis

Last updated: 12/11/2025, 18:56:02 UTC

Technical Analysis

CVE-2025-56107 is a critical OS command injection vulnerability identified in the Ruijie RG-BCR RG-BCR600W wireless device. The flaw exists in the Lua script located at /usr/lib/lua/luci/controller/admin/common_quick_config.lua, specifically in the submit_wifi function that processes POST requests. An attacker can craft a malicious POST request to this endpoint, injecting arbitrary OS commands that the device executes with the privileges of the web service process. This type of vulnerability allows remote attackers to gain unauthorized control over the device, potentially leading to full system compromise. The vulnerability does not require authentication or user interaction, making it highly exploitable remotely. No CVSS score or patches have been published as of the date of disclosure, and no known exploits are reported in the wild yet. The affected device is commonly used in enterprise and service provider environments for wireless connectivity, making this a significant risk for network infrastructure. The lack of version details complicates precise identification of vulnerable firmware, but the presence of the Lua controller file indicates the vulnerability is in the device's web management interface. Successful exploitation could allow attackers to manipulate device configurations, intercept or redirect network traffic, deploy malware, or pivot into internal networks.

Potential Impact

For European organizations, this vulnerability poses a severe risk to network security and operational continuity. Compromise of Ruijie RG-BCR600W devices could lead to unauthorized access to internal networks, data exfiltration, and disruption of wireless services. Critical sectors such as telecommunications, government, finance, and healthcare that rely on these devices for secure wireless connectivity may experience significant operational impact. The ability to execute arbitrary commands remotely without authentication increases the likelihood of exploitation, potentially enabling attackers to establish persistent footholds or launch further attacks within the network. Additionally, compromised devices could be used as a launchpad for attacks against other connected systems, amplifying the threat. The absence of patches and public exploit code means organizations must act proactively to mitigate risk. The vulnerability also raises compliance concerns under European data protection regulations if sensitive data is exposed or network integrity is compromised.

Mitigation Recommendations

1. Immediately restrict access to the management interface of Ruijie RG-BCR600W devices by implementing network segmentation and firewall rules to limit POST requests to trusted sources only.
2. Monitor network traffic for unusual POST requests targeting the submit_wifi endpoint or other suspicious activity indicative of command injection attempts.
3. Disable or restrict the web management interface if not required, or move it to a secure management VLAN inaccessible from untrusted networks.
4. Engage with Ruijie Networks support to obtain information on firmware updates or patches addressing this vulnerability and apply them promptly once available.
5. Implement strict input validation and web application firewall (WAF) rules where possible to detect and block malicious payloads targeting the Lua controller.
6. Conduct regular security audits and penetration tests focusing on network devices to identify and remediate similar vulnerabilities.
7. Maintain up-to-date asset inventories to quickly identify affected devices and prioritize remediation efforts.
8. Educate network administrators on the risks of command injection and the importance of secure device configuration and monitoring.
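Recommendation 2 as an added example (not part of the original page and not Ruijie code): a triage filter over captured requests that flags POSTs to a path ending in submit_wifi whose decoded fields contain shell metacharacters. The path prefix, field names, body encodings and sample records are constructed assumptions, since the page does not give the request format.

```python
import json
import re
from urllib.parse import parse_qsl

# Shell metacharacters that should never appear in a Wi-Fi quick-setup value reaching a shell.
SHELL_META = re.compile(r"[;|&`\r\n]|\$\(|\$\{")

# Constructed sample records: (method, path, body). The path prefix, the field
# names and both body encodings are assumptions; the page gives none of them.
SAMPLE_REQUESTS = [
    ("POST", "/<mgmt-prefix>/submit_wifi", "ssid=Office-5G&password=correct+horse"),
    ("POST", "/<mgmt-prefix>/submit_wifi", "ssid=Guest%3Buptime&password=x"),
    ("GET", "/<mgmt-prefix>/status", ""),
    ("POST", "/<mgmt-prefix>/submit_wifi", '{"ssid": "Lab", "password": "$(uptime)"}'),
]


def body_fields(body):
    """Decode a body as a flat JSON object if it parses as one, else as a URL-encoded form."""
    try:
        data = json.loads(body)
        if isinstance(data, dict):
            return [(k, v) for k, v in data.items() if isinstance(v, str)]
    except ValueError:
        pass
    return parse_qsl(body, keep_blank_values=True)


def suspicious_fields(method, path, body):
    """Names of fields in a POST to .../submit_wifi whose decoded value has shell metacharacters."""
    endpoint = path.split("?", 1)[0].rstrip("/")
    if method.upper() != "POST" or not endpoint.endswith("/submit_wifi"):
        return []
    return [name for name, value in body_fields(body) if SHELL_META.search(value)]


def scan(requests):
    """Return (record index, flagged field names) for every request worth triaging."""
    hits = []
    for index, (method, path, body) in enumerate(requests):
        flagged = suspicious_fields(method, path, body)
        if flagged:
            hits.append((index, flagged))
    return hits


if __name__ == "__main__":
    for index, fields in scan(SAMPLE_REQUESTS):
        print(f"request {index}: shell metacharacters in {fields}")
```

A legitimate passphrase can contain characters such as `;` or `&`, so treat hits as triage signals to review against the source address and change records, not as confirmed exploitation.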


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-08-16T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 693b0fc17d4c6f31f7bf9f29

Added to database: 12/11/2025, 6:38:57 PM

Last enriched: 12/11/2025, 6:56:02 PM

Last updated: 12/12/2025, 4:00:39 AM
