CVE-2019-16638

An issue was found on the Ruijie EG-2000 series gateway. An attacker can easily dump cleartext stored passwords in /data/config.text with simple XORs. This affects EG-2000SE EG_RGOS 11.1(1)B1.
References
Link Resource
https://0x.mk/?p=239 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:ruijie:eg-2000se_firmware:11.1\(1\)b1:*:*:*:*:*:*:*
cpe:2.3:h:ruijie:eg-2000se:*:*:*:*:*:*:*:*

History

10 Sep 2024, 17:00

Type Values Removed Values Added
First Time Ruijie eg-2000se
Ruijie eg-2000se Firmware
Ruijie
CWE CWE-312
CPE cpe:2.3:o:ruijie:eg-2000se_firmware:11.1\(1\)b1:*:*:*:*:*:*:*
cpe:2.3:h:ruijie:eg-2000se:*:*:*:*:*:*:*:*
Summary
  • (es) Se encontró un problema en la puerta de enlace de la serie Ruijie EG-2000. Un atacante puede volcar fácilmente las contraseñas almacenadas en texto plano en /data/config.text con XOR simples. Esto afecta a EG-2000SE EG_RGOS 11.1(1)B1.
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
References () https://0x.mk/?p=239 - () https://0x.mk/?p=239 - Exploit, Third Party Advisory

16 Jul 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-16 17:15

Updated : 2024-09-10 17:00


NVD link : CVE-2019-16638

Mitre link : CVE-2019-16638

CVE.ORG link : CVE-2019-16638


JSON object : View

Products Affected

ruijie

  • eg-2000se
  • eg-2000se_firmware
CWE
CWE-312

Cleartext Storage of Sensitive Information