CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Products
Ruijie EG2000K
- 11.1(6)B2
eg2000k_firmware
- 1
- 1
- .
- 1
- \
- (
- 6
- \
- )
- b
- 2
eg2000k
- -
Source
cna@vuldb.com
Tags
CVE-2024-8166 details
Last Modified : Aug. 26, 2024, 6:55 p.m.
Description
A vulnerability has been found in Ruijie EG2000K 11.1(6)B2 and classified as critical. This vulnerability affects unknown code of the file /tool/index.php?c=download&a=save. The manipulation of the argument content leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
| 1 | 2 | 3 | 4.9 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-434 | Unrestricted Upload of File with Dangerous Type | The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
4.9
Exploitability Score
1.2
Impact Score
3.6
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
References
| URL | Source |
|---|---|
| https://github.com/qiuhuihk/cve/blob/main/ruijie.md | cna@vuldb.com |
| https://vuldb.com/?ctiid.275764 | cna@vuldb.com |
| https://vuldb.com/?id.275764 | cna@vuldb.com |
| https://vuldb.com/?submit.393750 | cna@vuldb.com |
CPEs
| Type | Vendor | Product | Version | Update | Edition | Language | Software Edition | Target Software | Target Hardware | Other Information |
|---|---|---|---|---|---|---|---|---|---|---|
| o | ruijienetworks | eg2000k_firmware | 11.1\(6\)b2 | / | / | / | / | / | / | / |
| h | ruijienetworks | eg2000k | - | / | / | / | / | / | / | / |