Ruijie Networks · Eweb S29 Rgos · CVE-2020-37015
**Name of the Vulnerable Software and Affected Versions**
Ruijie Networks Switch eWeb S29 RGOS version 11.4
**Description**
The software contains a directory traversal flaw that permits unauthenticated attackers to access sensitive configuration files by manipulating file path parameters. Attackers can exploit the `/download.do` API endpoint using `../` sequences to retrieve system configuration files, which may contain credentials and network settings.
**Recommendations**
Apply any available updates to address the directory traversal issue in the `/download.do` endpoint.