7 matches found
CVE-2019-16638
An issue was found on the Ruijie EG-2000 series gateway. An attacker can easily dump cleartext stored passwords in /data/config.text with simple XORs. This affects EG-2000SE EGRGOS 11.11B1...
CVE-2019-16641
An issue was found on the Ruijie EG-2000 series gateway. There is a buffer overflow in client.so. Consequently, an attacker can use login.php to login to any account, without providing its password. This affects EG-2000SE EGRGOS 11.11B1...
CVE-2019-16641
An issue was found on the Ruijie EG-2000 series gateway. There is a buffer overflow in client.so. Consequently, an attacker can use login.php to login to any account, without providing its password. This affects EG-2000SE EGRGOS 11.11B1...
CVE-2019-16641
An issue was found on the Ruijie EG-2000 series gateway. There is a buffer overflow in client.so. Consequently, an attacker can use login.php to login to any account, without providing its password. This affects EG-2000SE EGRGOS 11.11B1...
CVE-2019-16638
An issue was found on the Ruijie EG-2000 series gateway. An attacker can easily dump cleartext stored passwords in /data/config.text with simple XORs. This affects EG-2000SE EGRGOS 11.11B1...
CVE-2019-16641
The CVE-2019-16641 issue affects Ruijie EG-2000 series gateways (notably EG-2000SE and EG_RGOS 11.1(1)B1). A buffer overflow in the client.so component enables a login.bypass via login.php, letting an attacker access any account without a password. Connected sources confirm the affected products ...
CVE-2019-16640
The CVE-2019-16640 issue affects Ruijie EG-2000SE gateway (and EG_RGOS) via upload.php and the UploadFile class. A mishandled parameter allows uploading arbitrary files because %00 and /var/./html are not checked, enabling potential attacks on the gateway. Affected versions include 11.9 B11P1 (EG...