CVE-2020-36870 - Vulnerability Details - OpenCVE

Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-02-05 UTC.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00179.

Exploitation none

Automatable yes

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Beijing Star-Net Ruijie Network Technology Co., Ltd.

RG-EG1000C

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

RG-EG2000F

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

RG-EG2000K

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

RG-EG2000L

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

RG-EG2000CE

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

RG-EG2000SE

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

RG-EG2000GE

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

RG-EG2000XE

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

RG-EG2000UE

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

RG-EG3000CE

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

RG-EG3000SE

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

RG-EG3000GE

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

RG-EG3000ME

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

RG-EG3000UE

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

RG-EG3000XE

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

RG-EG2100-P

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

EG3210

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

EG3220

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

EG3230

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

EG3250

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

NBR108G-P

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

NBR1000G-E

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

NBR1300G-E

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

NBR1700G-E

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

NBR2100G-E

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

NBR2500D-E

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

NBR3000D-E

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

NBR6120-E

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

NBR6135-E

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

NBR6205-E

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

NBR6210-E

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

NBR6215-E

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

NBR800G

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

NBR950G

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

NBR1000G-C

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

NBR2000G-C

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

Beijing Star-Net Ruijie Network Technology Co., Ltd.

NBR3000G-S

unaffected

Version	Status	Constraints
`11.1(6)B9P1`	affected	< 11.9(4)B12P1

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Ruijie Subscribe	Eg3210 Subscribe Eg3220 Subscribe Eg3230 Subscribe Eg3250 Subscribe Nbr1000g-c Subscribe Nbr1000g-e Subscribe Nbr108g-p Subscribe Nbr1300g-e Subscribe Nbr1700g-e Subscribe Nbr2000g-c Subscribe Nbr2100g-e Subscribe Nbr2500d-e Subscribe Nbr3000d-e Subscribe Nbr3000g-s Subscribe Nbr6120-e Subscribe Nbr6135-e Subscribe Nbr6205-e Subscribe Nbr6210-e Subscribe Nbr6215-e Subscribe Nbr800g Subscribe Nbr950g Subscribe Rg-eg1000c Subscribe Rg-eg2000ce Subscribe Rg-eg2000f Subscribe Rg-eg2000ge Subscribe Rg-eg2000k Subscribe Rg-eg2000l Subscribe Rg-eg2000se Subscribe Rg-eg2000ue Subscribe Rg-eg2000xe Subscribe Rg-eg2100-p Subscribe Rg-eg3000ce Subscribe Rg-eg3000ge Subscribe Rg-eg3000me Subscribe Rg-eg3000se Subscribe Rg-eg3000ue Subscribe Rg-eg3000xe Subscribe

Project Subscriptions

Vendors	Products
Ruijie Subscribe	Eg3210 Subscribe Eg3220 Subscribe Eg3230 Subscribe Eg3250 Subscribe Nbr1000g-c Subscribe Nbr1000g-e Subscribe Nbr108g-p Subscribe Nbr1300g-e Subscribe Nbr1700g-e Subscribe Nbr2000g-c Subscribe Nbr2100g-e Subscribe Nbr2500d-e Subscribe Nbr3000d-e Subscribe Nbr3000g-s Subscribe Nbr6120-e Subscribe Nbr6135-e Subscribe Nbr6205-e Subscribe Nbr6210-e Subscribe Nbr6215-e Subscribe Nbr800g Subscribe Nbr950g Subscribe Rg-eg1000c Subscribe Rg-eg2000ce Subscribe Rg-eg2000f Subscribe Rg-eg2000ge Subscribe Rg-eg2000k Subscribe Rg-eg2000l Subscribe Rg-eg2000se Subscribe Rg-eg2000ue Subscribe Rg-eg2000xe Subscribe Rg-eg2100-p Subscribe Rg-eg3000ce Subscribe Rg-eg3000ge Subscribe Rg-eg3000me Subscribe Rg-eg3000se Subscribe Rg-eg3000ue Subscribe Rg-eg3000xe Subscribe Rg-eg3230 Subscribe Rg-eg3250 Subscribe Rg-nbr6120-e Subscribe Rg-nbr6205-e Subscribe Rg-nbr6210-e Subscribe Rg-nbr6215-e Subscribe
Ruijienetworks Subscribe	Rg-nbr2100g-e Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.cnvd.org.cn/flaw/show/CNVD-2021-09650
https://www.ruijie.com.cn/gy/xw-aqtg-gw/86747/
https://www.ruijie.com.cn/gy/xw-aqtg-zw/85638/
https://www.vulncheck.com/advisories/ruijie-networks-eg-and-nbr-series-routers-rce

History

Thu, 20 Nov 2025 21:45:00 +0000

Type	Values Removed	Values Added
Description	Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-06-07 UTC.	Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-02-05 UTC.
First Time appeared		Ruijie rg-eg3230 Ruijie rg-eg3250 Ruijie rg-nbr6120-e Ruijie rg-nbr6205-e Ruijie rg-nbr6210-e Ruijie rg-nbr6215-e Ruijienetworks Ruijienetworks rg-nbr2100g-e
CPEs		cpe:2.3:h:ruijie:eg3210:::::::: cpe:2.3:h:ruijie:eg3220:::::::: cpe:2.3:h:ruijie:nbr1000g-c:::::::: cpe:2.3:h:ruijie:nbr1000g-e:::::::: cpe:2.3:h:ruijie:nbr108g-p:::::::: cpe:2.3:h:ruijie:nbr1300g-e:::::::: cpe:2.3:h:ruijie:nbr1700g-e:::::::: cpe:2.3:h:ruijie:nbr2000g-c:::::::: cpe:2.3:h:ruijie:nbr2500d-e:::::::: cpe:2.3:h:ruijie:nbr3000d-e:::::::: cpe:2.3:h:ruijie:nbr3000g-s:::::::: cpe:2.3:h:ruijie:nbr6135-e:::::::: cpe:2.3:h:ruijie:nbr800g:::::::: cpe:2.3:h:ruijie:nbr950g:::::::: cpe:2.3:h:ruijie:rg-eg1000c:::::::: cpe:2.3:h:ruijie:rg-eg2000ce:::::::: cpe:2.3:h:ruijie:rg-eg2000f:::::::: cpe:2.3:h:ruijie:rg-eg2000ge:::::::: cpe:2.3:h:ruijie:rg-eg2000k:::::::: cpe:2.3:h:ruijie:rg-eg2000l:::::::: cpe:2.3:h:ruijie:rg-eg2000se:::::::: cpe:2.3:h:ruijie:rg-eg2000ue:::::::: cpe:2.3:h:ruijie:rg-eg2000xe:::::::: cpe:2.3:h:ruijie:rg-eg2100-p:::::::: cpe:2.3:h:ruijie:rg-eg3000ce:::::::: cpe:2.3:h:ruijie:rg-eg3000ge:::::::: cpe:2.3:h:ruijie:rg-eg3000me:::::::: cpe:2.3:h:ruijie:rg-eg3000se:::::::: cpe:2.3:h:ruijie:rg-eg3000ue:::::::: cpe:2.3:h:ruijie:rg-eg3000xe:::::::: cpe:2.3:h:ruijie:rg-eg3230:::::::: cpe:2.3:h:ruijie:rg-eg3250:::::::: cpe:2.3:h:ruijie:rg-nbr6120-e:::::::: cpe:2.3:h:ruijie:rg-nbr6205-e:::::::: cpe:2.3:h:ruijie:rg-nbr6210-e:::::::: cpe:2.3:h:ruijie:rg-nbr6215-e:::::::: cpe:2.3:h:ruijienetworks:rg-nbr2100g-e::::::::
Vendors & Products		Ruijie rg-eg3230 Ruijie rg-eg3250 Ruijie rg-nbr6120-e Ruijie rg-nbr6205-e Ruijie rg-nbr6210-e Ruijie rg-nbr6215-e Ruijienetworks Ruijienetworks rg-nbr2100g-e

Thu, 13 Nov 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 10 Nov 2025 09:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ruijie Ruijie eg3210 Ruijie eg3220 Ruijie eg3230 Ruijie eg3250 Ruijie nbr1000g-c Ruijie nbr1000g-e Ruijie nbr108g-p Ruijie nbr1300g-e Ruijie nbr1700g-e Ruijie nbr2000g-c Ruijie nbr2100g-e Ruijie nbr2500d-e Ruijie nbr3000d-e Ruijie nbr3000g-s Ruijie nbr6120-e Ruijie nbr6135-e Ruijie nbr6205-e Ruijie nbr6210-e Ruijie nbr6215-e Ruijie nbr800g Ruijie nbr950g Ruijie rg-eg1000c Ruijie rg-eg2000ce Ruijie rg-eg2000f Ruijie rg-eg2000ge Ruijie rg-eg2000k Ruijie rg-eg2000l Ruijie rg-eg2000se Ruijie rg-eg2000ue Ruijie rg-eg2000xe Ruijie rg-eg2100-p Ruijie rg-eg3000ce Ruijie rg-eg3000ge Ruijie rg-eg3000me Ruijie rg-eg3000se Ruijie rg-eg3000ue Ruijie rg-eg3000xe
Vendors & Products		Ruijie Ruijie eg3210 Ruijie eg3220 Ruijie eg3230 Ruijie eg3250 Ruijie nbr1000g-c Ruijie nbr1000g-e Ruijie nbr108g-p Ruijie nbr1300g-e Ruijie nbr1700g-e Ruijie nbr2000g-c Ruijie nbr2100g-e Ruijie nbr2500d-e Ruijie nbr3000d-e Ruijie nbr3000g-s Ruijie nbr6120-e Ruijie nbr6135-e Ruijie nbr6205-e Ruijie nbr6210-e Ruijie nbr6215-e Ruijie nbr800g Ruijie nbr950g Ruijie rg-eg1000c Ruijie rg-eg2000ce Ruijie rg-eg2000f Ruijie rg-eg2000ge Ruijie rg-eg2000k Ruijie rg-eg2000l Ruijie rg-eg2000se Ruijie rg-eg2000ue Ruijie rg-eg2000xe Ruijie rg-eg2100-p Ruijie rg-eg3000ce Ruijie rg-eg3000ge Ruijie rg-eg3000me Ruijie rg-eg3000se Ruijie rg-eg3000ue Ruijie rg-eg3000xe

Fri, 07 Nov 2025 22:00:00 +0000

Type	Values Removed	Values Added
Description		Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-06-07 UTC.
Title		Ruijie Gateway EG & NBR Models v11.1(6)B9P1 - 11.9(4)B12P1 RCE
Weaknesses		CWE-94
References		https://www.cnvd.org.cn/flaw/show/CNVD-2021-09650 https://www.ruijie.com.cn/gy/xw-aqtg-gw/86747/ https://www.ruijie.com.cn/gy/xw-aqtg-zw/85638/ https://www.vulncheck.com/advisories/ruijie-networks-eg-and-nbr-series-routers-rce
Metrics		cvssV4_0 `{'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2025-11-07T21:52:55.227Z

Updated: 2025-11-20T21:32:27.504Z

Reserved: 2025-10-30T15:45:57.762Z

Link: CVE-2020-36870

Vulnrichment

Updated: 2025-11-13T16:10:46.333Z

NVD

Status : Awaiting Analysis

Published: 2025-11-07T22:15:38.587

Modified: 2025-11-20T22:15:53.293

Link: CVE-2020-36870

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-11-10T09:33:46Z

Weaknesses

CWE-94

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2020-36870", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-10-30T15:45:57.762Z", "datePublished": "2025-11-07T21:52:55.227Z", "dateUpdated": "2025-11-20T21:32:27.504Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "RG-EG1000C", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "RG-EG2000F", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "RG-EG2000K", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "RG-EG2000L", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "RG-EG2000CE", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "RG-EG2000SE", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "RG-EG2000GE", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "RG-EG2000XE", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "RG-EG2000UE", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "RG-EG3000CE", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "RG-EG3000SE", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "RG-EG3000GE", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "RG-EG3000ME", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "RG-EG3000UE", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "RG-EG3000XE", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "RG-EG2100-P", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "EG3210", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "EG3220", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "EG3230", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "EG3250", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "NBR108G-P", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "NBR1000G-E", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "NBR1300G-E", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "NBR1700G-E", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "NBR2100G-E", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "NBR2500D-E", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "NBR3000D-E", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "NBR6120-E", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "NBR6135-E", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "NBR6205-E", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "NBR6210-E", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "NBR6215-E", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "NBR800G", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "NBR950G", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "NBR1000G-C", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "NBR2000G-C", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "NBR3000G-S", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "versions": [{"lessThan": "11.9(4)B12P1", "status": "affected", "version": "11.1(6)B9P1", "versionType": "custom"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg1000c:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg2000f:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg2000k:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg2000l:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg2000ce:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg2000se:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg2000ge:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg2000xe:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg2000ue:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg3000ce:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg3000se:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg3000ge:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg3000me:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg3000ue:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg3000xe:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg2100-p:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:eg3210:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:eg3220:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg3230:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg3250:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:nbr108g-p:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:nbr1000g-e:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:nbr1300g-e:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:nbr1700g-e:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijienetworks:rg-nbr2100g-e:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:nbr2500d-e:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:nbr3000d-e:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-nbr6120-e:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:nbr6135-e:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-nbr6205-e:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-nbr6210-e:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-nbr6215-e:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:nbr800g:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:nbr950g:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:nbr1000g-c:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:nbr2000g-c:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:nbr3000g-s:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-02-05 UTC.<div></div>"}], "value": "Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-02-05 UTC."}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 9.2, "baseSeverity": "CRITICAL", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-11-20T21:32:27.504Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ruijie.com.cn/gy/xw-aqtg-zw/85638/"}, {"tags": ["vendor-advisory", "patch"], "url": "https://www.ruijie.com.cn/gy/xw-aqtg-gw/86747/"}, {"tags": ["government-resource", "third-party-advisory"], "url": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-09650"}, {"tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/ruijie-networks-eg-and-nbr-series-routers-rce"}], "source": {"discovery": "UNKNOWN"}, "tags": ["x_known-exploited-vulnerability"], "timeline": [{"lang": "en", "time": "2020-05-07T16:00:00.000Z", "value": "Ruijie Networks publicly discloses technical details of vulnerability."}, {"lang": "en", "time": "2021-01-21T17:00:00.000Z", "value": "Ruijie Networks publicly acknowledges exploitation in the wild activity."}, {"lang": "en", "time": "2021-03-11T17:00:00.000Z", "value": "CNVD-2021-09650 is published."}], "title": "Ruijie Gateway EG & NBR Models v11.1(6)B9P1 - 11.9(4)B12P1 RCE", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-13T16:10:42.887875Z", "id": "CVE-2020-36870", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-13T16:10:49.419Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2020-36870", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-11-13T16:10:42.887875Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-13T16:10:46.333Z"}}], "cna": {"tags": ["x_known-exploited-vulnerability"], "title": "Ruijie Gateway EG & NBR Models v11.1(6)B9P1 - 11.9(4)B12P1 RCE", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.2, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "RG-EG1000C", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "RG-EG2000F", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "RG-EG2000K", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "RG-EG2000L", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "RG-EG2000CE", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "RG-EG2000SE", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "RG-EG2000GE", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "RG-EG2000XE", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "RG-EG2000UE", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "RG-EG3000CE", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "RG-EG3000SE", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "RG-EG3000GE", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "RG-EG3000ME", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "RG-EG3000UE", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "RG-EG3000XE", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "RG-EG2100-P", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "EG3210", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "EG3220", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "EG3230", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "EG3250", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "NBR108G-P", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "NBR1000G-E", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "NBR1300G-E", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "NBR1700G-E", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "NBR2100G-E", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "NBR2500D-E", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "NBR3000D-E", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "NBR6120-E", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "NBR6135-E", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "NBR6205-E", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "NBR6210-E", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "NBR6215-E", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "NBR800G", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "NBR950G", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "NBR1000G-C", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "NBR2000G-C", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "NBR3000G-S", "versions": [{"status": "affected", "version": "11.1(6)B9P1", "lessThan": "11.9(4)B12P1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2020-05-07T16:00:00.000Z", "value": "Ruijie Networks publicly discloses technical details of vulnerability."}, {"lang": "en", "time": "2021-01-21T17:00:00.000Z", "value": "Ruijie Networks publicly acknowledges exploitation in the wild activity."}, {"lang": "en", "time": "2021-03-11T17:00:00.000Z", "value": "CNVD-2021-09650 is published."}], "references": [{"url": "https://www.ruijie.com.cn/gy/xw-aqtg-zw/85638/", "tags": ["vendor-advisory", "patch"]}, {"url": "https://www.ruijie.com.cn/gy/xw-aqtg-gw/86747/", "tags": ["vendor-advisory", "patch"]}, {"url": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-09650", "tags": ["government-resource", "third-party-advisory"]}, {"url": "https://www.vulncheck.com/advisories/ruijie-networks-eg-and-nbr-series-routers-rce", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-02-05 UTC.", "supportingMedia": [{"type": "text/html", "value": "Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-02-05 UTC.<div></div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg1000c:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg2000f:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg2000k:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg2000l:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg2000ce:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg2000se:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg2000ge:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg2000xe:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg2000ue:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg3000ce:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg3000se:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg3000ge:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg3000me:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg3000ue:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg3000xe:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg2100-p:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:eg3210:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:eg3220:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg3230:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-eg3250:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:nbr108g-p:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:nbr1000g-e:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:nbr1300g-e:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:nbr1700g-e:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijienetworks:rg-nbr2100g-e:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:nbr2500d-e:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:nbr3000d-e:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-nbr6120-e:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:nbr6135-e:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-nbr6205-e:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-nbr6210-e:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-nbr6215-e:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:nbr800g:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:nbr950g:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:nbr1000g-c:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:nbr2000g-c:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:nbr3000g-s:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.9(4)B12P1", "versionStartIncluding": "11.1(6)B9P1"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-11-20T21:32:27.504Z"}}}, "cveMetadata": {"cveId": "CVE-2020-36870", "state": "PUBLISHED", "dateUpdated": "2025-11-20T21:32:27.504Z", "dateReserved": "2025-10-30T15:45:57.762Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2025-11-07T21:52:55.227Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-02-05 UTC."}], "id": "CVE-2020-36870", "lastModified": "2025-11-20T22:15:53.293", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.2, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2025-11-07T22:15:38.587", "references": [{"source": "disclosure@vulncheck.com", "url": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-09650"}, {"source": "disclosure@vulncheck.com", "url": "https://www.ruijie.com.cn/gy/xw-aqtg-gw/86747/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.ruijie.com.cn/gy/xw-aqtg-zw/85638/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/ruijie-networks-eg-and-nbr-series-routers-rce"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}