An issue was found in upload.php on the Ruijie EG-2000 series gateway. A parameter passed to the class UploadFile is mishandled (%00 and /var/./html are not checked), which can allow an attacker to upload any file to the gateway. This affects EG-2000SE EG_RGOS 11.9 B11P1.
References
Link Providers
https://0x.mk/?p=239 cve-icon cve-icon cve-icon
History

Wed, 09 Jul 2025 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Ruijie
Ruijie eg-2000se
Ruijie eg-2000se Firmware
CPEs cpe:2.3:h:ruijie:eg-2000se:-:*:*:*:*:*:*:*
cpe:2.3:o:ruijie:eg-2000se_firmware:11.1\(1\)b1:*:*:*:*:*:*:*
cpe:2.3:o:ruijie:eg-2000se_firmware:11.9_b11p1:*:*:*:*:*:*:*
Vendors & Products Ruijie
Ruijie eg-2000se
Ruijie eg-2000se Firmware

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-07-16T00:00:00

Updated: 2024-08-05T01:17:40.886Z

Reserved: 2019-09-20T00:00:00

Link: CVE-2019-16640

cve-icon Vulnrichment

Updated: 2024-08-05T01:17:40.886Z

cve-icon NVD

Status : Analyzed

Published: 2024-07-16T17:15:10.513

Modified: 2025-07-09T17:00:25.463

Link: CVE-2019-16640

cve-icon Redhat

No data.