Cleartext Password Vulnerability in Ruijie EG-2000 Series Gateway
CVE-2019-16638

7.5HIGH

Key Information:

Vendor
Ruijie
Status
Eg-2000se Firmware
Vendor
CVE Published:
16 July 2024

Summary

The Ruijie EG-2000 series gateway has a security flaw that enables attackers to extract passwords stored in cleartext from the device's configuration file. This vulnerability allows unauthorized users to read and exploit sensitive information by employing straightforward XOR operations to access the contents of the /data/config.text file. This poses significant risks for organizations relying on these gateways, as it could lead to unauthorized access and potential data breaches.

References

https://0x.mk/?p=239

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2019-16638 : Cleartext Password Vulnerability in Ruijie EG-2000 Series Gateway | SecurityVulnerability.io