CVE-2019-16641

An issue was found on the Ruijie EG-2000 series gateway. There is a buffer overflow in client.so. Consequently, an attacker can use login.php to login to any account, without providing its password. This affects EG-2000SE EG_RGOS 11.1(1)B1.

CVSS v3 8.4 HIGH

8.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://0x.mk/?p=239
https://0x.mk/?p=239

Configurations

No configuration.

History

21 Nov 2024, 04:30

Type	Values Removed	Values Added
References	~~() https://0x.mk/?p=239 -~~	() https://0x.mk/?p=239 -

12 Aug 2024, 18:35

Type	Values Removed	Values Added
CWE		CWE-121
Summary		(es) Se encontró un problema en la puerta de enlace de la serie Ruijie EG-2000. Hay un desbordamiento del búfer en client.so. En consecuencia, un atacante puede utilizar login.php para iniciar sesión en cualquier cuenta, sin proporcionar su contraseña. Esto afecta a EG-2000SE EG_RGOS 11.1(1)B1.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.4

16 Jul 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-16 17:15

Updated : 2024-11-21 04:30

NVD link : CVE-2019-16641

Mitre link : CVE-2019-16641

CVE.ORG link : CVE-2019-16641

JSON object : View

Products Affected

No product.

CWE

CWE-121

Stack-based Buffer Overflow

8.4 /10