CVE-2020-36870

Published Nov 7, 2025

Last updated 9 days ago

CVSS critical 9.2
Network

Overview

Description
Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-02-05 UTC.
Source
disclosure@vulncheck.com
NVD status
Deferred

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.2
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

Weaknesses

disclosure@vulncheck.com
CWE-94

Social media

Hype score
Not currently trending

Related CVEs

  1. Fortinet FortiClient EMS Improper Access Control VulnerabilityCVE-2026-35616
  2. Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffering can lead to a performance degradation. This issue has been patched in version 7.0.15.CVE-2026-31937
  3. Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session MixupCVE-2026-4368
  4. Citrix NetScaler Out-of-Bounds Read VulnerabilityCVE-2026-3055
  5. Qualcomm Multiple Chipsets Memory Corruption VulnerabilityCVE-2026-21385

References

Sources include official advisories and independent security research.