Ruijie RG-EW1200G Router Background - Login Bypass

A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to t...

Ruijie RG-EW1200G Router - Password Reset

A vulnerability was found in Ruijie RG-EW1200G 1.01B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/setpasswd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can ...

Ruijie RG-NBS2009G-P - Improper Authentication

An issue in Ruijie RG-NBS2009G-P RGOS v.10.41P2 Release9736 allows a remote attacker to gain privileges via the system/configmenu.htm. id: CVE-2024-24116 info: name: Ruijie RG-NBS2009G-P - Improper Authentication author: friea severity: critical description: | An issue in Ruijie RG-NBS2009G-P RGO...

CVE-2020-37015

The Ruijie Networks Switch eWeb S29RGOS version 11.4 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by manipulating file path parameters. Attackers can exploit the /download.do endpoint with '../' sequences to retrieve...

CVE-2020-37015

The Ruijie Networks Switch eWeb S29RGOS version 11.4 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by manipulating file path parameters. Attackers can exploit the /download.do endpoint with '../' sequences to retrieve...

CVE-2020-37015

CVE-2020-37015 affects Ruijie Networks Switch eWeb S29_RGOS 11.4. The vulnerability is a directory traversal in the web interface where an unauthenticated user can manipulate the file path on the /download.do endpoint using ’../’ sequences to retrieve sensitive configuration files that may contai...

CVE-2020-37015 Ruijie Networks Switch eWeb S29_RGOS 11.4 - Directory Traversal

The Ruijie Networks Switch eWeb S29RGOS version 11.4 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by manipulating file path parameters. Attackers can exploit the /download.do endpoint with '../' sequences to retrieve...

CVE-2020-37015 Ruijie Networks Switch eWeb S29_RGOS 11.4 - Directory Traversal

The Ruijie Networks Switch eWeb S29RGOS version 11.4 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by manipulating file path parameters. Attackers can exploit the /download.do endpoint with '../' sequences to retrieve...

EUVD-2020-30919

Ruijie Networks Switch eWeb S29RGOS 11.4 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by manipulating file path parameters. Attackers can exploit the /download.do endpoint with '../' sequences to retrieve system...

Ruijie Switch eWeb S29_RGOS path traversal vulnerability

Ruijie Switch eWeb S29RGOS is a web management interface system developed by the Chinese company Ruijie. The version 11.4 of Ruijie Switch eWeb S29RGOS contains a path traversal vulnerability. This vulnerability stems from the /download.do endpoint, which allows for directory traversal, potential...

PT-2026-5289

Name of the Vulnerable Software and Affected Versions Ruijie Networks Switch eWeb S29 RGOS version 11.4 Description The software contains a directory traversal flaw that permits unauthenticated attackers to access sensitive configuration files by manipulating file path parameters. Attackers can...

Ruijie AP180 Series Operating System Command Injection Vulnerability

The Ruijie AP180 Series is a series of panel-type wireless access points produced by the Chinese company Ruijie. Previous versions of the Ruijie AP180 Series, including those with model number 11.94B1P8, had a vulnerability related to operating system command injection. This vulnerability stems...

Ruijie Networks AP180 series vulnerable to OS command injection

Overview AP180 series provided by Ruijie Networks Co., Ltd. contains the following vulnerability. OS command injection CWE-78 - CVE-2026-23699 Thanh Do of BabyPhD reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

CVE-2023-50993

Ruijie WS6008 v1.x v2.x ACRGOS11.96W3B2G2C6-0110221911 and WS6108 v1.x ACRGOS11.96W3B2G2C6-0110221911 was discovered to contain a command injection vulnerability via the function downFiles...

CVE-2023-4415

A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to t...

CVE-2019-16640

An issue was found in upload.php on the Ruijie EG-2000 series gateway. A parameter passed to the class UploadFile is mishandled %00 and /var/./html are not checked, which can allow an attacker to upload any file to the gateway. This affects EG-2000SE EGRGOS 11.9 B11P1...

CVE-2019-16639

An issue was found on the Ruijie EG-2000 series gateway. There is a newcli.php API interface without access control, which can allow an attacker who only has web interface access to use TELNET commands and/or show admin passwords via the modeurl=exec= substring. This affects EG-2000SE EGRGOS 11.9...

CVE-2019-16641

An issue was found on the Ruijie EG-2000 series gateway. There is a buffer overflow in client.so. Consequently, an attacker can use login.php to login to any account, without providing its password. This affects EG-2000SE EGRGOS 11.11B1...

CVE-2019-16638

An issue was found on the Ruijie EG-2000 series gateway. An attacker can easily dump cleartext stored passwords in /data/config.text with simple XORs. This affects EG-2000SE EGRGOS 11.11B1...

CVE-2024-2641

A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been classified as critical. Affected is an unknown function of the file /system/passwdManage.htm of the component Password Handler. The manipulation leads to improper authorization. It is possible to launch the attack...