CVE-2020-36870 - Vulnerability Details

Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-06-07 UTC.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.cnvd.org.cn/flaw/show/CNVD-2021-09650
https://www.ruijie.com.cn/gy/xw-aqtg-gw/86747/
https://www.ruijie.com.cn/gy/xw-aqtg-zw/85638/
https://www.vulncheck.com/advisories/ruijie-networks-eg-and-nbr-series-routers-rce

History

Fri, 07 Nov 2025 22:00:00 +0000

Type	Values Removed	Values Added
Description		Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-06-07 UTC.
Title		Ruijie Gateway EG & NBR Models v11.1(6)B9P1 - 11.9(4)B12P1 RCE
Weaknesses		CWE-94
References		https://www.cnvd.org.cn/flaw/show/CNVD-2021-09650 https://www.ruijie.com.cn/gy/xw-aqtg-gw/86747/ https://www.ruijie.com.cn/gy/xw-aqtg-zw/85638/ https://www.vulncheck.com/advisories/ruijie-networks-eg-and-nbr-series-routers-rce
Metrics		cvssV4_0 `{'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2025-11-07T21:52:55.227Z

Updated: 2025-11-07T21:52:55.227Z

Reserved: 2025-10-30T15:45:57.762Z

Link: CVE-2020-36870

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-11-07T22:15:38.587

Modified: 2025-11-07T22:15:38.587

Link: CVE-2020-36870

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object