CVE-2019-16638

An issue was found on the Ruijie EG-2000 series gateway. An attacker can easily dump cleartext stored passwords in /data/config.text with simple XORs. This affects EG-2000SE EGRGOS 11.11B1...

The vulnerability in the upload.php script of the UploadFile class in the Ruijie EG-2000SE software library allows attackers to upload arbitrary files.

The vulnerability of the upload.php script in the UploadFile class of the Ruijie EG-2000SE gateway software relates to the ability to upload files of a dangerous type without restrictions. Exploiting this vulnerability allows an attacker to remotely upload any type of files...

The vulnerability of the newcli.php web interface of the Ruijie EG-2000SE software firewall allows a perpetrator to escalate their privileges and gain unauthorized access to protected information.

The vulnerability of the newcli.php web interface of the Ruijie EG-2000SE software gateway lies in the lack of measures taken to neutralize the special elements used in commands. Exploiting this vulnerability can allow an attacker, operating remotely, to enhance their privileges and gain...

The vulnerability of the client.so file of the Ruijie EG-2000SE software allows a hacker to gain access to the user account and gain control over the system.

The vulnerability of the client.so file of the Ruijie EG-2000SE microprogramming system lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to gain access to the user account and execute commands to gain control of the system...

CVE-2019-16641

An issue was found on the Ruijie EG-2000 series gateway. There is a buffer overflow in client.so. Consequently, an attacker can use login.php to login to any account, without providing its password. This affects EG-2000SE EGRGOS 11.11B1...

CVE-2019-16641

An issue was found on the Ruijie EG-2000 series gateway. There is a buffer overflow in client.so. Consequently, an attacker can use login.php to login to any account, without providing its password. This affects EG-2000SE EGRGOS 11.11B1...

CVE-2019-16638

An issue was found on the Ruijie EG-2000 series gateway. An attacker can easily dump cleartext stored passwords in /data/config.text with simple XORs. This affects EG-2000SE EGRGOS 11.11B1...

CVE-2019-16640

The CVE-2019-16640 issue affects Ruijie EG-2000SE gateway (and EG_RGOS) via upload.php and the UploadFile class. A mishandled parameter allows uploading arbitrary files because %00 and /var/./html are not checked, enabling potential attacks on the gateway. Affected versions include 11.9 B11P1 (EG...

CVE-2019-16641

The CVE-2019-16641 issue affects Ruijie EG-2000 series gateways (notably EG-2000SE and EG_RGOS 11.1(1)B1). A buffer overflow in the client.so component enables a login.bypass via login.php, letting an attacker access any account without a password. Connected sources confirm the affected products ...

CVE-2019-16641

An issue was found on the Ruijie EG-2000 series gateway. There is a buffer overflow in client.so. Consequently, an attacker can use login.php to login to any account, without providing its password. This affects EG-2000SE EGRGOS 11.11B1...