github - ghsa-j892-g9v8-f728

ghsa-j892-g9v8-f728

Vulnerability from github

Published

2025-11-08 00:31

Modified

2025-11-08 00:31

Severity ?

9.2 (Critical) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Details

Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-06-07 UTC.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-36870"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-07T22:15:38Z",
    "severity": "CRITICAL"
  },
  "details": "Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 \u003c 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-06-07 UTC.",
  "id": "GHSA-j892-g9v8-f728",
  "modified": "2025-11-08T00:31:00Z",
  "published": "2025-11-08T00:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36870"
    },
    {
      "type": "WEB",
      "url": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-09650"
    },
    {
      "type": "WEB",
      "url": "https://www.ruijie.com.cn/gy/xw-aqtg-gw/86747"
    },
    {
      "type": "WEB",
      "url": "https://www.ruijie.com.cn/gy/xw-aqtg-zw/85638"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/ruijie-networks-eg-and-nbr-series-routers-rce"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

CVE-2020-36870 (GCVE-0-2020-36870)

Vulnerability from cvelistv5

Published

2025-11-07 21:52

Modified

2025-11-07 21:52

Severity ?

9.2 (Critical) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Summary

References

URL

Tags

	https://www.ruijie.com.cn/gy/xw-aqtg-zw/85638/	vendor-advisory, patch
	https://www.ruijie.com.cn/gy/xw-aqtg-gw/86747/	vendor-advisory, patch
	https://www.cnvd.org.cn/flaw/show/CNVD-2021-09650	government-resource, third-party-advisory
	https://www.vulncheck.com/advisories/ruijie-networks-eg-and-nbr-series-routers-rce	third-party-advisory

Impacted products

Vendor

Product

Version

Beijing Star-Net Ruijie Network Technology Co., Ltd.

RG-EG1000C

Version: 11.1(6)B9P1 < 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.	RG-EG2000F	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	RG-EG2000K	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	RG-EG2000L	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	RG-EG2000CE	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	RG-EG2000SE	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	RG-EG2000GE	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	RG-EG2000XE	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	RG-EG2000UE	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	RG-EG3000CE	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	RG-EG3000SE	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	RG-EG3000GE	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	RG-EG3000ME	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	RG-EG3000UE	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	RG-EG3000XE	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	RG-EG2100-P	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	EG3210	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	EG3220	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	EG3230	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	EG3250	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	NBR108G-P	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	NBR1000G-E	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	NBR1300G-E	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	NBR1700G-E	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	NBR2100G-E	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	NBR2500D-E	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	NBR3000D-E	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	NBR6120-E	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	NBR6135-E	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	NBR6205-E	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	NBR6210-E	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	NBR6215-E	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	NBR800G	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	NBR950G	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	NBR1000G-C	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	NBR2000G-C	Version: 11.1(6)B9P1 < 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd.	NBR3000G-S	Version: 11.1(6)B9P1 < 11.9(4)B12P1

Show details on NVD website