An issue was found in upload.php on the Ruijie EG-2000 series gateway. A parameter passed to the class UploadFile is mishandled (%00 and /var/./html are not checked), which can allow an attacker to upload any file to the gateway. This affects EG-2000SE EG_RGOS 11.9 B11P1.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://0x.mk/?p=239 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-07-16T00:00:00
Updated: 2024-08-05T01:17:40.886Z
Reserved: 2019-09-20T00:00:00
Link: CVE-2019-16640
Vulnrichment
Updated: 2024-08-05T01:17:40.886Z
NVD
Status : Awaiting Analysis
Published: 2024-07-16T17:15:10.513
Modified: 2024-08-01T13:41:47.967
Link: CVE-2019-16640
Redhat
No data.