CVE-2020-36870
9.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-02-05 UTC.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | RG-EG1000C | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | RG-EG2000F | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | RG-EG2000K | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | RG-EG2000L | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | RG-EG2000CE | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | RG-EG2000SE | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | RG-EG2000GE | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | RG-EG2000XE | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | RG-EG2000UE | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | RG-EG3000CE | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | RG-EG3000SE | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | RG-EG3000GE | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | RG-EG3000ME | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | RG-EG3000UE | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | RG-EG3000XE | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | RG-EG2100-P | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | EG3210 | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | EG3220 | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | EG3230 | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | EG3250 | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | NBR108G-P | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | NBR1000G-E | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | NBR1300G-E | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | NBR1700G-E | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | NBR2100G-E | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | NBR2500D-E | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | NBR3000D-E | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | NBR6120-E | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | NBR6135-E | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | NBR6205-E | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | NBR6210-E | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | NBR6215-E | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | NBR800G | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | NBR950G | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | NBR1000G-C | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | NBR2000G-C | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | NBR3000G-S | 11.1(6)B9P1 < 11.9(4)B12P1 | affected |
Weaknesses
- CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://www.ruijie.com.cn/gy/xw-aqtg-zw/85638/
- https://www.ruijie.com.cn/gy/xw-aqtg-gw/86747/
- https://www.cnvd.org.cn/flaw/show/CNVD-2021-09650
- https://www.vulncheck.com/advisories/ruijie-networks-eg-and-nbr-series-routers-rce
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.