CVE-2019-16640

Name of the Vulnerable Software and Affected Versions Ruijie EG-2000SE versions 11.9 B11P1

Description The issue is related to the upload.php script in the Ruijie EG-2000SE gateway, specifically with the UploadFile class. It allows for unrestricted file upload of dangerous file types. An attacker can exploit this to upload arbitrary files to the gateway. The vulnerability is due to a mishandled parameter passed to the UploadFile class, where %00 and /var/./html are not properly checked.

Recommendations For version 11.9 B11P1, consider restricting access to the upload.php script and the UploadFile class until a patch is available. As a temporary workaround, avoid using the vulnerable upload functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.