CVE-2020-36870
CRITICAL EXPLOITEDRuijie Gateway EG and NBR Series 11.1(6)B9P1-11.9(4)B12P1 - Remote Code Execution via EWEB Management System
Title source: llmExploitation Summary
CVE-2020-36870 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-02-05 UTC.
References (4)
Core 4
Core References
Various Sources vendor-advisory
patch
https://www.ruijie.com.cn/gy/xw-aqtg-zw/85638/
Various Sources vendor-advisory
patch
https://www.ruijie.com.cn/gy/xw-aqtg-gw/86747/
Various Sources government-resource
third-party-advisory
https://www.cnvd.org.cn/flaw/show/CNVD-2021-09650
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/ruijie-networks-eg-and-nbr-series-routers-rce
Scores
CVSS v4
9.2
EPSS
0.0070
EPSS Percentile
48.4%
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
VulnCheck KEV
2025-11-07
CWE
CWE-94
Status
published
Products (37)
Beijing Star-Net Ruijie Network Technology Co., Ltd./EG3210
11.1(6)B9P1 - 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd./EG3220
11.1(6)B9P1 - 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd./EG3230
11.1(6)B9P1 - 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd./EG3250
11.1(6)B9P1 - 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd./NBR1000G-C
11.1(6)B9P1 - 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd./NBR1000G-E
11.1(6)B9P1 - 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd./NBR108G-P
11.1(6)B9P1 - 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd./NBR1300G-E
11.1(6)B9P1 - 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd./NBR1700G-E
11.1(6)B9P1 - 11.9(4)B12P1
Beijing Star-Net Ruijie Network Technology Co., Ltd./NBR2000G-C
11.1(6)B9P1 - 11.9(4)B12P1
... and 27 more
Published
Nov 07, 2025
Tracked Since
Feb 18, 2026