cbcvebase.

Ruijie Eg-2000Se Firmware vulnerabilities

4 known vulnerabilities affecting ruijie/eg-2000se_firmware.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH3

Vulnerabilities

Page 1 of 1
CVE-2019-16639P2CRITICALCVSS 9.8v11.9_b11p12024-07-16
CVE-2019-16639 [CRITICAL] CWE-78 CVE-2019-16639: An issue was found on the Ruijie EG-2000 series gateway. There is a newcli.php API interface without An issue was found on the Ruijie EG-2000 series gateway. There is a newcli.php API interface without access control, which can allow an attacker (who only has web interface access) to use TELNET commands and/or show admin passwords via the mode_url=exec&command= substring. This affects EG-2000SE EG_RGOS 11.9 B11P1.
nvd
CVE-2019-16640P3HIGHCVSS 7.5v11.1\(1\)b1v11.9_b11p12024-07-16
CVE-2019-16640 [HIGH] CWE-284 CVE-2019-16640: An issue was found in upload.php on the Ruijie EG-2000 series gateway. A parameter passed to the cla An issue was found in upload.php on the Ruijie EG-2000 series gateway. A parameter passed to the class UploadFile is mishandled (%00 and /var/./html are not checked), which can allow an attacker to upload any file to the gateway. This affects EG-2000SE EG_RGOS 11.9 B11P1.
nvd
CVE-2019-16641P3HIGHCVSS 8.4v11.1\(1\)b12024-07-16
CVE-2019-16641 [HIGH] CWE-121 CVE-2019-16641: An issue was found on the Ruijie EG-2000 series gateway. There is a buffer overflow in client.so. Co An issue was found on the Ruijie EG-2000 series gateway. There is a buffer overflow in client.so. Consequently, an attacker can use login.php to login to any account, without providing its password. This affects EG-2000SE EG_RGOS 11.1(1)B1.
nvd
CVE-2019-16638P3HIGHCVSS 7.5v11.1\(1\)b12024-07-16
CVE-2019-16638 [HIGH] CWE-312 CVE-2019-16638: An issue was found on the Ruijie EG-2000 series gateway. An attacker can easily dump cleartext store An issue was found on the Ruijie EG-2000 series gateway. An attacker can easily dump cleartext stored passwords in /data/config.text with simple XORs. This affects EG-2000SE EG_RGOS 11.1(1)B1.
nvd
Ruijie Eg-2000Se Firmware vulnerabilities | cvebase