CVE-2019-16641

Name of the Vulnerable Software and Affected Versions Ruijie EG-2000 series gateway versions EG-2000SE EG RGOS 11.1(1)B1.

Description The issue is related to a buffer overflow in the client.so file of the Ruijie EG-2000 series gateway. This allows an attacker to login to any account without providing a password by utilizing the login.php script. The exploitation of this issue can enable a remote attacker to gain access to an account and login to the system.

Recommendations For Ruijie EG-2000SE EG RGOS 11.1(1)B1, consider restricting access to the login.php script until a patch is available. As a temporary workaround, disabling the client.so file may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.