Details of VAR-202101-2012

ID

VAR-202101-2012

TITLE

Ruijie Gateway has unauthorized access vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2021-07059

DESCRIPTION

Ruijie Networks became a leading brand in China's data communication solutions since January 2000. Ruijie Gateway has an unauthorized access vulnerability. Attackers can use this vulnerability to execute arbitrary commands on the target device with root privileges.

Trust: 0.6

sources: CNVD: CNVD-2021-07059

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-07059

AFFECTED PRODUCTS

vendor:

ruijie

model:

nbr router

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2021-07059

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2021-07059
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2021-07059
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2021-07059

PATCH

title:

Patch for Ruijie Gateway has unauthorized access vulnerabilities

url:

https://www.cnvd.org.cn/patchinfo/show/245671

Trust: 0.6

sources: CNVD: CNVD-2021-07059

EXTERNAL IDS

db:

CNVD

id:

CNVD-2021-07059

Trust: 0.6

sources: CNVD: CNVD-2021-07059

REFERENCES

url:

https://github.com/yumusb/eggatewaygetshell_py

Trust: 0.6

sources: CNVD: CNVD-2021-07059

SOURCES

db:

CNVD

id:

CNVD-2021-07059

LAST UPDATE DATE

2022-05-04T09:42:09.128000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2021-07059

date:

2021-01-28T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2021-07059

date:

2021-01-25T00:00:00