Vulnerability Details CVE-2019-16639
An issue was found on the Ruijie EG-2000 series gateway. There is a newcli.php API interface without access control, which can allow an attacker (who only has web interface access) to use TELNET commands and/or show admin passwords via the mode_url=exec&command= substring. This affects EG-2000SE EG_RGOS 11.9 B11P1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.6%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2019-16639
-
cpe:2.3:h:ruijie:eg-2000se:-
-
cpe:2.3:o:ruijie:eg-2000se_firmware:11.9_b11p1