CVE-2020-36870

Sažetak

Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-06-07 UTC.

Reference

https://www.cnvd.org.cn/flaw/show/CNVD-2021-09650
https://www.ruijie.com.cn/gy/xw-aqtg-gw/86747/
https://www.ruijie.com.cn/gy/xw-aqtg-zw/85638/
https://www.vulncheck.com/advisories/ruijie-networks-eg-and-nbr-series-routers-rce

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

07-11-2025 - 22:15

Objavljeno

07-11-2025 - 22:15