Critical severityNVD Advisory· Published Nov 7, 2025· Updated Apr 15, 2026

CVE-2020-36870

Description

Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-02-05 UTC.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.cnvd.org.cn/flaw/show/CNVD-2021-09650nvd
www.ruijie.com.cn/gy/xw-aqtg-gw/86747/nvd
www.ruijie.com.cn/gy/xw-aqtg-zw/85638/nvd
www.vulncheck.com/advisories/ruijie-networks-eg-and-nbr-series-routers-rcenvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000