CVE-2020-36870

Description

Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-02-05 UTC.

CVSS breakdown

CVSS 4.0

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

Present

Privileges Required

None

User Interaction

None

Confidentiality (Vulnerable System)

High

Integrity (Vulnerable System)

High

Availability (Vulnerable System)

High

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

None

Availability (Subsequent System)

None

Affected products

Beijing Star-Net Ruijie Network Technology Co., Ltd. / EG321011.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / EG322011.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / EG323011.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / EG325011.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / NBR1000G-C11.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / NBR1000G-E11.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / NBR108G-P11.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / NBR1300G-E11.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / NBR1700G-E11.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / NBR2000G-C11.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / NBR2100G-E11.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / NBR2500D-E11.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / NBR3000D-E11.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / NBR3000G-S11.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / NBR6120-E11.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / NBR6135-E11.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / NBR6205-E11.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / NBR6210-E11.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / NBR6215-E11.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / NBR800G11.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / NBR950G11.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / RG-EG1000C11.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / RG-EG2000CE11.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / RG-EG2000F11.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / RG-EG2000GE11.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / RG-EG2000K11.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / RG-EG2000L11.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / RG-EG2000SE11.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / RG-EG2000UE11.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / RG-EG2000XE11.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / RG-EG2100-P11.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / RG-EG3000CE11.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / RG-EG3000GE11.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / RG-EG3000ME11.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / RG-EG3000SE11.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / RG-EG3000UE11.1(6)B9P1 – 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd. / RG-EG3000XE11.1(6)B9P1 – 11.9(4)B12P1

CVE-2020-36870

Description

CVSS breakdown

Affected products

References