CVE-2025-56123 is a critical OS Command Injection vulnerability identified in the Ruijie RG-EW1200G PRO series routers, spanning firmware versions V1.00 through V4.00. The vulnerability resides in the handling of POST requests to the module_get function within the /usr/local/lua/dev_sta/networkConnect.lua script. An attacker can craft a malicious POST request that injects arbitrary OS commands, which the device executes with the privileges of the affected process. This flaw enables remote code execution without requiring authentication or user interaction, making it highly exploitable. The vulnerability stems from insufficient input validation or sanitization in the Lua script processing network connection parameters. Successful exploitation could allow attackers to gain control over the device, manipulate network traffic, disrupt services, or pivot into internal networks. Although no public exploits have been reported yet, the presence of this vulnerability in widely deployed network equipment raises significant security concerns. The lack of an official patch or mitigation guidance at this time necessitates proactive defensive measures. Ruijie devices are commonly used in enterprise and ISP environments, increasing the potential impact on network reliability and confidentiality. The vulnerability's publication date is December 11, 2025, with the CVSS score not yet assigned, indicating a recent discovery. The absence of authentication requirements and the ability to execute arbitrary commands remotely elevate the threat level considerably.

For European organizations, the impact of CVE-2025-56123 could be severe. Compromise of Ruijie RG-EW1200G PRO routers may lead to unauthorized access to internal networks, interception or manipulation of sensitive data, and disruption of critical network services. Enterprises relying on these devices for secure connectivity or as part of their infrastructure could face operational downtime, data breaches, and reputational damage. The vulnerability could also facilitate lateral movement within corporate networks, enabling attackers to escalate privileges or deploy ransomware. Given the strategic importance of telecommunications and network infrastructure in Europe, exploitation could affect sectors such as finance, government, healthcare, and critical infrastructure. The lack of authentication for exploitation increases the risk of automated attacks and wormable scenarios. Additionally, supply chain risks exist if managed service providers or ISPs deploy these devices widely. The potential for widespread impact is heightened by the device's deployment in both enterprise and service provider environments across Europe.

1. Immediate network segmentation to isolate Ruijie RG-EW1200G PRO devices from critical network segments and sensitive data stores. 2. Implement strict access controls and firewall rules to restrict inbound POST requests to the affected module_get endpoint, ideally blocking all unnecessary management traffic from untrusted networks. 3. Monitor network traffic for anomalous POST requests targeting /usr/local/lua/dev_sta/networkConnect.lua or unusual command execution patterns on the devices. 4. Engage with Ruijie Networks for official patches or firmware updates and prioritize their deployment once available. 5. Employ intrusion detection/prevention systems (IDS/IPS) with custom signatures to detect exploitation attempts targeting this vulnerability. 6. Conduct regular audits of device configurations and logs to identify signs of compromise or unauthorized command execution. 7. Where possible, replace or upgrade vulnerable devices with models confirmed to be unaffected or patched. 8. Educate network administrators about the vulnerability and enforce strict operational security practices when managing these devices. 9. Consider deploying network-level anomaly detection solutions to identify lateral movement or unusual device behavior post-exploitation. 10. Maintain up-to-date backups of device configurations and critical data to enable rapid recovery in case of compromise.