CVE-2020-37015

Name of the Vulnerable Software and Affected Versions Ruijie Networks Switch eWeb S29 RGOS version 11.4

Description The software contains a directory traversal flaw that permits unauthenticated attackers to access sensitive configuration files by manipulating file path parameters. Attackers can exploit the /download.do API endpoint using '../' sequences to retrieve system configuration files, which may contain credentials and network settings.

Recommendations Apply any available updates to address the directory traversal issue in the /download.do endpoint.