CVE-2020-36870 (GCVE-0-2020-36870)
Vulnerability from cvelistv5 – Published: 2025-11-07 21:52 – Updated: 2025-11-20 21:32
VLAI?
Summary
Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-02-05 UTC.
Severity ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36870",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T16:10:42.887875Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T16:10:49.419Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RG-EG1000C",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RG-EG2000F",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RG-EG2000K",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RG-EG2000L",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RG-EG2000CE",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RG-EG2000SE",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RG-EG2000GE",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RG-EG2000XE",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RG-EG2000UE",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RG-EG3000CE",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RG-EG3000SE",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RG-EG3000GE",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RG-EG3000ME",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RG-EG3000UE",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RG-EG3000XE",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RG-EG2100-P",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG3210",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG3220",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG3230",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG3250",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR108G-P",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR1000G-E",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR1300G-E",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR1700G-E",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR2100G-E",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR2500D-E",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR3000D-E",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR6120-E",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR6135-E",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR6205-E",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR6210-E",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR6215-E",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR800G",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR950G",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR1000G-C",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR2000G-C",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR3000G-S",
"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.",
"versions": [
{
"lessThan": "11.9(4)B12P1",
"status": "affected",
"version": "11.1(6)B9P1",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg1000c:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg2000f:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg2000k:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg2000l:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg2000ce:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg2000se:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg2000ge:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg2000xe:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg2000ue:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg3000ce:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg3000se:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg3000ge:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg3000me:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg3000ue:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg3000xe:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg2100-p:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:eg3210:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:eg3220:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg3230:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-eg3250:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:nbr108g-p:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:nbr1000g-e:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:nbr1300g-e:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:nbr1700g-e:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijienetworks:rg-nbr2100g-e:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:nbr2500d-e:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:nbr3000d-e:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-nbr6120-e:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:nbr6135-e:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-nbr6205-e:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-nbr6210-e:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-nbr6215-e:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:nbr800g:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:nbr950g:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:nbr1000g-c:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:nbr2000g-c:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:nbr3000g-s:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9(4)B12P1",
"versionStartIncluding": "11.1(6)B9P1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 \u0026lt; 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-02-05 UTC.\u003cdiv\u003e\u003c/div\u003e"
}
],
"value": "Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 \u003c 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-02-05 UTC."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T21:32:27.504Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ruijie.com.cn/gy/xw-aqtg-zw/85638/"
},
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ruijie.com.cn/gy/xw-aqtg-gw/86747/"
},
{
"tags": [
"government-resource",
"third-party-advisory"
],
"url": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-09650"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/ruijie-networks-eg-and-nbr-series-routers-rce"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"x_known-exploited-vulnerability"
],
"timeline": [
{
"lang": "en",
"time": "2020-05-07T16:00:00.000Z",
"value": "Ruijie Networks publicly discloses technical details of vulnerability."
},
{
"lang": "en",
"time": "2021-01-21T17:00:00.000Z",
"value": "Ruijie Networks publicly acknowledges exploitation in the wild activity."
},
{
"lang": "en",
"time": "2021-03-11T17:00:00.000Z",
"value": "CNVD-2021-09650 is published."
}
],
"title": "Ruijie Gateway EG \u0026 NBR Models v11.1(6)B9P1 - 11.9(4)B12P1 RCE",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36870",
"datePublished": "2025-11-07T21:52:55.227Z",
"dateReserved": "2025-10-30T15:45:57.762Z",
"dateUpdated": "2025-11-20T21:32:27.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2020-36870\",\"sourceIdentifier\":\"disclosure@vulncheck.com\",\"published\":\"2025-11-07T22:15:38.587\",\"lastModified\":\"2025-11-20T22:15:53.293\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 \u003c 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-02-05 UTC.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.2,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"references\":[{\"url\":\"https://www.cnvd.org.cn/flaw/show/CNVD-2021-09650\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.ruijie.com.cn/gy/xw-aqtg-gw/86747/\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.ruijie.com.cn/gy/xw-aqtg-zw/85638/\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.vulncheck.com/advisories/ruijie-networks-eg-and-nbr-series-routers-rce\",\"source\":\"disclosure@vulncheck.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-36870\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-11-13T16:10:42.887875Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-11-13T16:10:46.333Z\"}}], \"cna\": {\"tags\": [\"x_known-exploited-vulnerability\"], \"title\": \"Ruijie Gateway EG \u0026 NBR Models v11.1(6)B9P1 - 11.9(4)B12P1 RCE\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-242\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-242 Code Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 9.2, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"RG-EG1000C\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"RG-EG2000F\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"RG-EG2000K\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"RG-EG2000L\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"RG-EG2000CE\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"RG-EG2000SE\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"RG-EG2000GE\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"RG-EG2000XE\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"RG-EG2000UE\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"RG-EG3000CE\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"RG-EG3000SE\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"RG-EG3000GE\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"RG-EG3000ME\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"RG-EG3000UE\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"RG-EG3000XE\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"RG-EG2100-P\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"EG3210\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"EG3220\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"EG3230\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"EG3250\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"NBR108G-P\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"NBR1000G-E\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"NBR1300G-E\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"NBR1700G-E\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"NBR2100G-E\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"NBR2500D-E\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"NBR3000D-E\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"NBR6120-E\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"NBR6135-E\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"NBR6205-E\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"NBR6210-E\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"NBR6215-E\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"NBR800G\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"NBR950G\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"NBR1000G-C\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"NBR2000G-C\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Beijing Star-Net Ruijie Network Technology Co., Ltd.\", \"product\": \"NBR3000G-S\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1(6)B9P1\", \"lessThan\": \"11.9(4)B12P1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2020-05-07T16:00:00.000Z\", \"value\": \"Ruijie Networks publicly discloses technical details of vulnerability.\"}, {\"lang\": \"en\", \"time\": \"2021-01-21T17:00:00.000Z\", \"value\": \"Ruijie Networks publicly acknowledges exploitation in the wild activity.\"}, {\"lang\": \"en\", \"time\": \"2021-03-11T17:00:00.000Z\", \"value\": \"CNVD-2021-09650 is published.\"}], \"references\": [{\"url\": \"https://www.ruijie.com.cn/gy/xw-aqtg-zw/85638/\", \"tags\": [\"vendor-advisory\", \"patch\"]}, {\"url\": \"https://www.ruijie.com.cn/gy/xw-aqtg-gw/86747/\", \"tags\": [\"vendor-advisory\", \"patch\"]}, {\"url\": \"https://www.cnvd.org.cn/flaw/show/CNVD-2021-09650\", \"tags\": [\"government-resource\", \"third-party-advisory\"]}, {\"url\": \"https://www.vulncheck.com/advisories/ruijie-networks-eg-and-nbr-series-routers-rce\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 \u003c 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-02-05 UTC.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 \u0026lt; 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-02-05 UTC.\u003cdiv\u003e\u003c/div\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:rg-eg1000c:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:rg-eg2000f:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:rg-eg2000k:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:rg-eg2000l:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:rg-eg2000ce:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:rg-eg2000se:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:rg-eg2000ge:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:rg-eg2000xe:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:rg-eg2000ue:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:rg-eg3000ce:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:rg-eg3000se:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:rg-eg3000ge:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:rg-eg3000me:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:rg-eg3000ue:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:rg-eg3000xe:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:rg-eg2100-p:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:eg3210:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:eg3220:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:rg-eg3230:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:rg-eg3250:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:nbr108g-p:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:nbr1000g-e:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:nbr1300g-e:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:nbr1700g-e:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijienetworks:rg-nbr2100g-e:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:nbr2500d-e:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:nbr3000d-e:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:rg-nbr6120-e:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:nbr6135-e:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:rg-nbr6205-e:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:rg-nbr6210-e:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:rg-nbr6215-e:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:nbr800g:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:nbr950g:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:nbr1000g-c:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:nbr2000g-c:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ruijie:nbr3000g-s:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"11.9(4)B12P1\", \"versionStartIncluding\": \"11.1(6)B9P1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}], \"providerMetadata\": {\"orgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"shortName\": \"VulnCheck\", \"dateUpdated\": \"2025-11-20T21:32:27.504Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2020-36870\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-20T21:32:27.504Z\", \"dateReserved\": \"2025-10-30T15:45:57.762Z\", \"assignerOrgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"datePublished\": \"2025-11-07T21:52:55.227Z\", \"assignerShortName\": \"VulnCheck\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…