Описание
An issue was found in upload.php on the Ruijie EG-2000 series gateway. A parameter passed to the class UploadFile is mishandled (%00 and /var/./html are not checked), which can allow an attacker to upload any file to the gateway. This affects EG-2000SE EG_RGOS 11.9 B11P1.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:o:ruijie:eg-2000se_firmware:11.1\(1\)b1:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:ruijie:eg-2000se_firmware:11.9_b11p1:*:*:*:*:*:*:*
cpe:2.3:h:ruijie:eg-2000se:-:*:*:*:*:*:*:*
EPSS
Процентиль: 11%
0.00037
Низкий
7.5 High
CVSS3
Дефекты
CWE-284
Связанные уязвимости
CVSS3: 7.5
github
больше 1 года назад
An issue was found in upload.php on the Ruijie EG-2000 series gateway. A parameter passed to the class UploadFile is mishandled (%00 and /var/./html are not checked), which can allow an attacker to upload any file to the gateway. This affects EG-2000SE EG_RGOS 11.9 B11P1.
CVSS3: 6.3
fstec
больше 6 лет назад
Уязвимость сценария upload.php класса UploadFile микропрограммного обеспечения шлюзов Ruijie EG-2000SE, позволяющая нарушителю загружать произвольные файлы
EPSS
Процентиль: 11%
0.00037
Низкий
7.5 High
CVSS3
Дефекты
CWE-284