Back to KEVs

CVE-2020-36870

Ruijie Gateway EG & NBR Models v11.1(6)B9P1 - 11.9(4)B12P1 RCE

Basic Information

CVE State
PUBLISHED
Reserved Date
October 30, 2025
Published Date
November 07, 2025
Last Updated
November 20, 2025
Vendor
Beijing Star-Net Ruijie Network Technology Co., Ltd.
Product
RG-EG1000C, RG-EG2000F, RG-EG2000K, RG-EG2000L, RG-EG2000CE, RG-EG2000SE, RG-EG2000GE, RG-EG2000XE, RG-EG2000UE, RG-EG3000CE, RG-EG3000SE, RG-EG3000GE, RG-EG3000ME, RG-EG3000UE, RG-EG3000XE, RG-EG2100-P, EG3210, EG3220, EG3230, EG3250, NBR108G-P, NBR1000G-E, NBR1300G-E, NBR1700G-E, NBR2100G-E, NBR2500D-E, NBR3000D-E, NBR6120-E, NBR6135-E, NBR6205-E, NBR6210-E, NBR6215-E, NBR800G, NBR950G, NBR1000G-C, NBR2000G-C, NBR3000G-S
Description
Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-02-05 UTC.

CVSS Scores

CVSS v4.0

9.2 - CRITICAL

Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

SSVC Information

Exploitation
none
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2026-01-24 00:00:00 UTC) Source

References

https://www.ruijie.com.cn/gy/xw-aqtg-zw/85638/ https://www.ruijie.com.cn/gy/xw-aqtg-gw/86747/ https://www.cnvd.org.cn/flaw/show/CNVD-2021-09650 https://www.vulncheck.com/advisories/ruijie-networks-eg-and-nbr-series-routers-rce

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2026-01-24 00:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel