CVE-2025-8763— Ruijie EG306MG strongSwan strongswan.conf missing encryption
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-8763
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ruijie EG306MG strongSwan strongswan.conf missing encryption
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was found in Ruijie EG306MG 3.0(1)B11P309. It has been rated as problematic. This issue affects some unknown processing of the file /etc/strongswan.conf of the component strongSwan. The manipulation of the argument i_dont_care_about_security_and_use_aggressive_mode_psk leads to missing encryption of sensitive data. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
敏感数据加密缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
Ruijie EG306MG 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Ruijie EG306MG是中国锐捷(Ruijie)公司的一款路由器。 Ruijie EG306MG 3.0(1)B11P309版本存在安全漏洞,该漏洞源于文件/etc/strongswan.conf中参数i_dont_care_about_security_and_use_aggressive_mode_psk处理不当,可能导致敏感数据未加密。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-8763
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-8763
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same vendor: Ruijie
- CVE-2023-53881
ReyeeOS 1.204.1614 Man-in-the-Middle Remote Code Execution v - CVE-2025-11141
Ruijie NBR2100G-E branch_passw.php listAction os command inj - CVE-2025-10774
Ruijie 6000-E10 sub_commit.php os command injection - CVE-2025-9424
Ruijie WS7204-A branch_import.php os command injection - CVE-2025-34057
Ruijie NBR Router Administrative Credential Disclosure
Same weakness: CWE-311
- CVE-2026-34486
Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of Encr - CVE-2026-34992
Missing Encryption of Sensitive Data in antrea.io/antrea - CVE-2026-28678
dsa-hub-server: Clear-Text Storage of Sensitive Data - CVE-2026-27944
Nginx UI: Unauthenticated Backup Download with Encryption Ke - CVE-2025-15548
Missing Application-Layer Encryption in Web Interface Endpoi
V. Comments for CVE-2025-8763
No comments yet