CVE-2020-36870
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-07

Last updated on: 2025-11-20

Assigner: VulnCheck

Description
Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-02-05 UTC.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-07
Last Modified
2025-11-20
Generated
2026-06-16
AI Q&A
2025-11-07
EPSS Evaluated
2026-06-15
NVD
CVE-2020-36870
Affected Vendors & Products
Showing 39 associated CPEs
Vendor Product Version / Range
ruijie_networks nbr1000g-e *
ruijie_networks rg-eg2000f *
ruijie_networks nbr2100g-e *
ruijie_networks eg3230 *
ruijie_networks rg-eg3000ge *
ruijie_networks nbr108g-p *
ruijie_networks eweb_management_system 11.1(6)b9p1
ruijie_networks rg-eg2000ge *
ruijie_networks rg-eg2000ce *
ruijie_networks nbr3000g-s *
ruijie_networks nbr1000g-c *
ruijie_networks rg-eg2000k *
ruijie_networks rg-eg2000xe *
ruijie_networks rg-eg2000ue *
ruijie_networks eg3250 *
ruijie_networks rg-eg2000se *
ruijie_networks nbr2500d-e *
ruijie_networks rg-eg3000se *
ruijie_networks nbr6120-e *
ruijie_networks rg-eg1000c *
ruijie_networks nbr2000g-c *
ruijie_networks rg-eg2100-p *
ruijie_networks eweb_management_system 11.9(4)b12p1
ruijie_networks eg3210 *
ruijie_networks nbr3000d-e *
ruijie_networks rg-eg3000me *
ruijie_networks nbr950g *
ruijie_networks nbr6205-e *
ruijie_networks nbr1300g-e *
ruijie_networks rg-eg3000ce *
ruijie_networks nbr800g *
ruijie_networks nbr6135-e *
ruijie_networks nbr1700g-e *
ruijie_networks nbr6210-e *
ruijie_networks nbr6215-e *
ruijie_networks rg-eg3000ue *
ruijie_networks rg-eg2000l *
ruijie_networks eg3220 *
ruijie_networks rg-eg3000xe *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in various Ruijie Gateway EG and NBR models firmware versions between 11.1(6)B9P1 and 11.9(4)B12P1. It is a code execution vulnerability in the EWEB management system that can be exploited via front-end functionality. Attackers can abuse features such as guest authentication, local server authentication, or screen mirroring to gain unauthorized access or execute commands on affected devices.

Impact Analysis

Exploitation of this vulnerability can allow attackers to execute arbitrary code on affected devices without requiring user interaction or privileges. This can lead to unauthorized access, control over the device, potential disruption of network services, and compromise of sensitive information.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-36870. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart