CVE-2020-36870

High PUBLISHED

Ruijie Gateway EG & NBR Models v11.1(6)B9P1 - 11.9(4)B12P1 RCE

Beijing Star-Net Ruijie Network Technology Co., Ltd. · RG-EG1000C, RG-EG2000F, RG-EG2000K, RG-EG2000L, RG-EG2000CE, RG-EG2000SE, RG-EG2000GE, RG-EG2000XE, RG-EG2000UE, RG-EG3000CE, RG-EG3000SE, RG-EG3000GE, RG-EG3000ME, RG-EG3000UE, RG-EG3000XE, RG-EG2100-P, EG3210, EG3220, EG3230, EG3250, NBR108G-P, NBR1000G-E, NBR1300G-E, NBR1700G-E, NBR2100G-E, NBR2500D-E, NBR3000D-E, NBR6120-E, NBR6135-E, NBR6205-E, NBR6210-E, NBR6215-E, NBR800G, NBR950G, NBR1000G-C, NBR2000G-C, NBR3000G-S

Not yet in CISA KEV

Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
High
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
Not yet in CISA KEV
CVSS / EPSS
9.2 Critical

At a Glance

Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-02-05 UTC.

CVE Published
Nov 07, 2025
Exploitation Reported
Jan 24, 2026
CVSS
9.2 Critical
EPSS
Remote Low complexity No user interaction Unauthenticated

Affected Versions

37 version rows · page 2 of 2

Vendor Product Version Status
Beijing Star-Net Ruijie Network Technology Co., Ltd.
NBR2500D-E

11.1(6)B9P1 to < 11.9(4)B12P1

Affected
Beijing Star-Net Ruijie Network Technology Co., Ltd.
NBR3000D-E

11.1(6)B9P1 to < 11.9(4)B12P1

Affected
Beijing Star-Net Ruijie Network Technology Co., Ltd.
NBR6120-E

11.1(6)B9P1 to < 11.9(4)B12P1

Affected
Beijing Star-Net Ruijie Network Technology Co., Ltd.
NBR6135-E

11.1(6)B9P1 to < 11.9(4)B12P1

Affected
Beijing Star-Net Ruijie Network Technology Co., Ltd.
NBR6205-E

11.1(6)B9P1 to < 11.9(4)B12P1

Affected
Beijing Star-Net Ruijie Network Technology Co., Ltd.
NBR6210-E

11.1(6)B9P1 to < 11.9(4)B12P1

Affected
Beijing Star-Net Ruijie Network Technology Co., Ltd.
NBR6215-E

11.1(6)B9P1 to < 11.9(4)B12P1

Affected
Beijing Star-Net Ruijie Network Technology Co., Ltd.
NBR800G

11.1(6)B9P1 to < 11.9(4)B12P1

Affected
Beijing Star-Net Ruijie Network Technology Co., Ltd.
NBR950G

11.1(6)B9P1 to < 11.9(4)B12P1

Affected
Beijing Star-Net Ruijie Network Technology Co., Ltd.
NBR1000G-C

11.1(6)B9P1 to < 11.9(4)B12P1

Affected
Beijing Star-Net Ruijie Network Technology Co., Ltd.
NBR2000G-C

11.1(6)B9P1 to < 11.9(4)B12P1

Affected
Beijing Star-Net Ruijie Network Technology Co., Ltd.
NBR3000G-S

11.1(6)B9P1 to < 11.9(4)B12P1

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.