Remote Code Execution in Ruijie Gateway EG and NBR Models
CVE-2020-36870

9.2 CRITICAL

What is CVE-2020-36870?

Ruijie Gateway EG and NBR models contain a vulnerability in the EWEB management system that allows attackers to execute arbitrary code by exploiting front-end functionality. The issue arises when features such as guest authentication, local server authentication, or screen mirroring are enabled, which leaves devices susceptible to unauthorized access and command execution. The flaw could significantly impact network security if proper safeguards are not implemented. Effective mitigation strategies and software updates are essential to secure affected systems.

Affected Version(s)

EG3210 11.1(6)B9P1 < 11.9(4)B12P1

EG3220 11.1(6)B9P1 < 11.9(4)B12P1

EG3230 11.1(6)B9P1 < 11.9(4)B12P1

CVSS V4

Score: 9.2
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
