Vulnerability Details CVE-2019-16640
An issue was found in upload.php on the Ruijie EG-2000 series gateway. A parameter passed to the class UploadFile is mishandled (%00 and /var/./html are not checked), which can allow an attacker to upload any file to the gateway. This affects EG-2000SE EG_RGOS 11.9 B11P1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 9.9%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2019-16640
-
cpe:2.3:h:ruijie:eg-2000se:-
-
cpe:2.3:o:ruijie:eg-2000se_firmware:11.1(1)b1
-
cpe:2.3:o:ruijie:eg-2000se_firmware:11.9_b11p1