File Upload Vulnerability in Ruijie EG-2000 Series Gateway
CVE-2019-16640
Currently unrated
Summary
A vulnerability exists in the upload.php file of the Ruijie EG-2000 series gateway: a parameter passed to the UploadFile class is inadequately validated, which permits attackers to upload arbitrary files to the gateway. The affected version, EG-2000SE EG_RGOS 11.9 B11P1, does not check for certain character strings or directory traversal patterns (%00 and /var/./html), exposing the system to exploitation. The risk is significant because it could lead to the execution of malicious files.
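A hardened check for a path-like upload parameter, as an added example that is not Ruijie's code or part of the original advisory: it refuses NUL bytes (raw or still encoded as %00) and compares the canonical path, so /var/./html is evaluated as /var/html. UPLOAD_ROOT, ALLOWED_EXT and both function names are assumptions made for illustration.

```php
<?php
// Added example; UPLOAD_ROOT, ALLOWED_EXT and both function names are hypothetical.
const UPLOAD_ROOT = '/data/upload';
const ALLOWED_EXT = ['cfg', 'txt'];

// Collapse "", "." and ".." segments lexically, without touching the filesystem.
function normalize_path(string $path): string
{
    $out = [];
    foreach (explode('/', $path) as $seg) {
        if ($seg === '' || $seg === '.') {
            continue;
        }
        if ($seg === '..') {
            array_pop($out);
            continue;
        }
        $out[] = $seg;
    }
    return '/' . implode('/', $out);
}

// Return the canonical destination, or null if the parameter must be refused.
function safe_upload_target(string $param): ?string
{
    // A NUL byte, raw or still percent-encoded, can truncate a path in older PHP runtimes.
    if (strpos($param, "\0") !== false || preg_match('/%[0-9a-f]{2}/i', $param)) {
        return null;
    }
    // Relative names go under the upload root; absolute ones are checked as given.
    $joined = ($param !== '' && $param[0] === '/') ? $param : UPLOAD_ROOT . '/' . $param;
    $canon  = normalize_path($joined);

    // Compare the canonical form, so "/var/./html" is seen as "/var/html".
    $prefix = UPLOAD_ROOT . '/';
    if (strncmp($canon, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Allowlist the extension of the final, canonical name.
    $ext = strtolower(pathinfo($canon, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXT, true) ? $canon : null;
}

// Constructed sample inputs.
$samples = ['backup.cfg', 'a/./b/notes.txt', '/var/./html/index.cfg', 'name%00.cfg', '../../var/html/x.cfg'];
foreach ($samples as $p) {
    printf("%-24s => %s\n", $p, safe_upload_target($p) ?? 'REJECTED');
}
```

The check is purely lexical; where symlinks can exist under the upload root, also resolve the parent directory with realpath() before writing.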