19 matches found
CVE-2019-16640
An issue was found in upload.php on the Ruijie EG-2000 series gateway. A parameter passed to the class UploadFile is mishandled %00 and /var/./html are not checked, which can allow an attacker to upload any file to the gateway. This affects EG-2000SE EGRGOS 11.9 B11P1...
CVE-2019-16639
An issue was found on the Ruijie EG-2000 series gateway. There is a newcli.php API interface without access control, which can allow an attacker who only has web interface access to use TELNET commands and/or show admin passwords via the modeurl=exec= substring. This affects EG-2000SE EGRGOS 11.9...
CVE-2019-16641
An issue was found on the Ruijie EG-2000 series gateway. There is a buffer overflow in client.so. Consequently, an attacker can use login.php to login to any account, without providing its password. This affects EG-2000SE EGRGOS 11.11B1...
EUVD-2019-19356
Malware in sbrugna...
CVE-2019-16639
An issue was found on the Ruijie EG-2000 series gateway. There is a newcli.php API interface without access control, which can allow an attacker who only has web interface access to use TELNET commands and/or show admin passwords via the modeurl=exec&command= substring. This affects EG-2000SE...
CVE-2019-16638
An issue was found on the Ruijie EG-2000 series gateway. An attacker can easily dump cleartext stored passwords in /data/config.text with simple XORs. This affects EG-2000SE EGRGOS 11.11B1...
CVE-2019-16641
An issue was found on the Ruijie EG-2000 series gateway. There is a buffer overflow in client.so. Consequently, an attacker can use login.php to login to any account, without providing its password. This affects EG-2000SE EGRGOS 11.11B1...
CVE-2019-16640
An issue was found in upload.php on the Ruijie EG-2000 series gateway. A parameter passed to the class UploadFile is mishandled %00 and /var/./html are not checked, which can allow an attacker to upload any file to the gateway. This affects EG-2000SE EGRGOS 11.9 B11P1...
CVE-2019-16638
The CVE-2019-16638 affects Ruijie EG-2000 series gateways (EG-2000SE, EG_RGOS) with version 11.1(1)B1. Description: an attacker can dump cleartext passwords stored in /data/config.text via simple XORs. Impact is credential disclosure with restricted integrity/availability. The Red Hat/RedHat and ...
CVE-2019-16640
An issue was found in upload.php on the Ruijie EG-2000 series gateway. A parameter passed to the class UploadFile is mishandled %00 and /var/./html are not checked, which can allow an attacker to upload any file to the gateway. This affects EG-2000SE EGRGOS 11.9 B11P1...
CVE-2019-16638
An issue was found on the Ruijie EG-2000 series gateway. An attacker can easily dump cleartext stored passwords in /data/config.text with simple XORs. This affects EG-2000SE EGRGOS 11.11B1...
CVE-2019-16640
An issue was found in upload.php on the Ruijie EG-2000 series gateway. A parameter passed to the class UploadFile is mishandled %00 and /var/./html are not checked, which can allow an attacker to upload any file to the gateway. This affects EG-2000SE EGRGOS 11.9 B11P1...
CVE-2019-16639
An issue was found on the Ruijie EG-2000 series gateway. There is a newcli.php API interface without access control, which can allow an attacker who only has web interface access to use TELNET commands and/or show admin passwords via the modeurl=exec&command= substring. This affects EG-2000SE...
CVE-2019-16638
An issue was found on the Ruijie EG-2000 series gateway. An attacker can easily dump cleartext stored passwords in /data/config.text with simple XORs. This affects EG-2000SE EGRGOS 11.11B1...
CVE-2019-16641
An issue was found on the Ruijie EG-2000 series gateway. There is a buffer overflow in client.so. Consequently, an attacker can use login.php to login to any account, without providing its password. This affects EG-2000SE EGRGOS 11.11B1...
CVE-2019-16639
An issue was found on the Ruijie EG-2000 series gateway. There is a newcli.php API interface without access control, which can allow an attacker who only has web interface access to use TELNET commands and/or show admin passwords via the modeurl=exec&command= substring. This affects EG-2000SE...
CVE-2019-16640
The CVE-2019-16640 issue affects Ruijie EG-2000SE gateway (and EG_RGOS) via upload.php and the UploadFile class. A mishandled parameter allows uploading arbitrary files because %00 and /var/./html are not checked, enabling potential attacks on the gateway. Affected versions include 11.9 B11P1 (EG...
CVE-2019-16639
Summary: CVE-2019-16639 affects Ruijie EG-2000 series gateways, notably EG-2000SE and EG_RGOS 11.9 B11P1. The issue is a newcli.php API interface without access control, enabling an attacker who has web interface access to run TELNET commands and potentially view admin passwords via the mode_url=...
PT-2019-6427 · Ruijie · Ruijie Eg-2000 Series Gateway
Name of the Vulnerable Software and Affected Versions: Ruijie EG-2000 series gateway versions 11.11B1 Description: The issue affects the Ruijie EG-2000 series gateway, where an attacker can easily dump cleartext stored passwords in /data/config.text using simple XORs. This allows a remote attacke...