Search criteria
2 vulnerabilities by Beijing Star-Net Ruijie Network Technology Co., Ltd.
CVE-2023-7330 (GCVE-0-2023-7330)
Vulnerability from cvelistv5 – Published: 2025-11-24 20:31 – Updated: 2025-11-25 13:04
VLAI?
Summary
Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi/server/fileupload.php. The endpoint accepts attacker-supplied values in the name and uploadDir parameters and saves the provided multipart file content without adequate validation or sanitization of file type, path, or extension. A remote attacker can upload a crafted PHP file and then access it from the web root, resulting in arbitrary code execution in the context of the web service. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-14 UTC.
Severity ?
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Beijing Star-Net Ruijie Network Technology Co., Ltd. | NBR Series Routers |
Affected:
0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-7330",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-24T21:06:20.265588Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T21:06:27.538Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "NBR Series Routers",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-nbr*:-:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi/server/fileupload.php. The endpoint accepts attacker-supplied values in the name and uploadDir parameters and saves the provided multipart file content without adequate validation or sanitization of file type, path, or extension. A remote attacker can upload a crafted PHP file and then access it from the web root, resulting in arbitrary code execution in the context of the web service.\u0026nbsp;Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-14 UTC."
}
],
"value": "Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi/server/fileupload.php. The endpoint accepts attacker-supplied values in the name and uploadDir parameters and saves the provided multipart file content without adequate validation or sanitization of file type, path, or extension. A remote attacker can upload a crafted PHP file and then access it from the web root, resulting in arbitrary code execution in the context of the web service.\u00a0Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-14 UTC."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T13:04:06.622Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/ruijie/ruijie-nbr-fileupload.yaml"
},
{
"tags": [
"exploit"
],
"url": "https://cn-sec.com/archives/1995366.html"
},
{
"tags": [
"exploit"
],
"url": "https://www.cnblogs.com/Domren/articles/19093295"
},
{
"tags": [
"exploit"
],
"url": "https://rfk0z.github.io/posts/Ruijie-NBR-router-fileupload-php-arbitrary-file-upload-vulnerability/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/ruijie-networks-nbr-routers-unauthenticated-arbitrary-file-upload-via-fileuploadphp"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"x_known-exploited-vulnerability"
],
"timeline": [
{
"lang": "en",
"time": "2023-01-01T17:00:00.000Z",
"value": "Vulnerability is publicly disclosed in 2023"
}
],
"title": "Ruijie Networks NBR Routers Unauthenticated Arbitrary File Upload via fileupload.php",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-7330",
"datePublished": "2025-11-24T20:31:19.914Z",
"dateReserved": "2025-11-24T19:18:42.972Z",
"dateUpdated": "2025-11-25T13:04:06.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-36870 (GCVE-0-2020-36870)
Vulnerability from cvelistv5 – Published: 2025-11-07 21:52 – Updated: 2025-11-20 21:32
VLAI?
Summary
Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-02-05 UTC.
Severity ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36870",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T16:10:42.887875Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T16:10:49.419Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RG-EG1000C",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RG-EG2000F",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RG-EG2000K",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RG-EG2000L",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RG-EG2000CE",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RG-EG2000SE",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RG-EG2000GE",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RG-EG2000XE",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RG-EG2000UE",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RG-EG3000CE",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RG-EG3000SE",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RG-EG3000GE",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RG-EG3000ME",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RG-EG3000UE",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RG-EG3000XE",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RG-EG2100-P",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG3210",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG3220",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG3230",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG3250",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR108G-P",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR1000G-E",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR1300G-E",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR1700G-E",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR2100G-E",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR2500D-E",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR3000D-E",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR6120-E",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR6135-E",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR6205-E",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR6210-E",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR6215-E",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR800G",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR950G",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR1000G-C",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR2000G-C",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR3000G-S",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg1000c:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg2000f:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg2000k:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg2000l:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg2000ce:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg2000se:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg2000ge:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg2000xe:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg2000ue:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg3000ce:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg3000se:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg3000ge:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg3000me:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg3000ue:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg3000xe:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg2100-p:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:eg3210:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:eg3220:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg3230:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg3250:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:nbr108g-p:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:nbr1000g-e:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:nbr1300g-e:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:nbr1700g-e:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijienetworks:rg-nbr2100g-e:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:nbr2500d-e:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:nbr3000d-e:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-nbr6120-e:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:nbr6135-e:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-nbr6205-e:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-nbr6210-e:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-nbr6215-e:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:nbr800g:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:nbr950g:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:nbr1000g-c:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:nbr2000g-c:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:nbr3000g-s:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 \u0026lt; 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-02-05 UTC.\u003cdiv\u003e\u003c/div\u003e"
}
],
"value": "Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 \u003c 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-02-05 UTC."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T21:32:27.504Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ruijie.com.cn/gy/xw-aqtg-zw/85638/"
},
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ruijie.com.cn/gy/xw-aqtg-gw/86747/"
},
{
"tags": [
"government-resource",
"third-party-advisory"
],
"url": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-09650"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/ruijie-networks-eg-and-nbr-series-routers-rce"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"x_known-exploited-vulnerability"
],
"timeline": [
{
"lang": "en",
"time": "2020-05-07T16:00:00.000Z",
"value": "Ruijie Networks publicly discloses technical details of vulnerability."
},
{
"lang": "en",
"time": "2021-01-21T17:00:00.000Z",
"value": "Ruijie Networks publicly acknowledges exploitation in the wild activity."
},
{
"lang": "en",
"time": "2021-03-11T17:00:00.000Z",
"value": "CNVD-2021-09650 is published."
}
],
"title": "Ruijie Gateway EG \u0026 NBR Models v11.1(6)B9P1 - 11.9(4)B12P1 RCE",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36870",
"datePublished": "2025-11-07T21:52:55.227Z",
"dateReserved": "2025-10-30T15:45:57.762Z",
"dateUpdated": "2025-11-20T21:32:27.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}