ID
CVE
TITLE
ruijienetworks of eg2000k Unrestricted Upload of Dangerous File Types Vulnerability in Firmware
sources:
JVNDB: JVNDB-2024-006616
DESCRIPTION
A vulnerability has been found in Ruijie EG2000K 11.1(6)B2 and classified as critical. This vulnerability affects unknown code of the file /tool/index.php?c=download&a=save. The manipulation of the argument content leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. ruijienetworks of eg2000k Firmware has an unrestricted upload of dangerous file types vulnerability.Service operation interruption (DoS) It may be in a state
sources:
NVD: CVE-2024-8166 //
JVNDB: JVNDB-2024-006616
AFFECTED PRODUCTS
| vendor: | ruijie | model: | eg2000k | scope: | eq | version: | 11.1\(6\)b2 | |
| vendor: | ruijienetworks | model: | eg2000k | scope: | eq | version: | eg2000k firmware 11.1(6)b2 | |
| vendor: | ruijienetworks | model: | eg2000k | scope: | eq | version: | - | |
| vendor: | ruijienetworks | model: | eg2000k | scope: | - | version: | - | |
sources:
JVNDB: JVNDB-2024-006616 //
NVD: CVE-2024-8166
CVSS
SEVERITY | CVSSV2 | CVSSV3 |
| cna@vuldb.com: | CVE-2024-8166 | |
|
| value: | MEDIUM | | | nvd@nist.gov: | CVE-2024-8166 | |
|
| value: | MEDIUM | | | OTHER: | JVNDB-2024-006616 | |
|
| value: | MEDIUM | |
| | cna@vuldb.com: | CVE-2024-8166 | |
|
| severity: | MEDIUM | | baseScore: | 5.8 | | vectorString: | AV:N/AC:L/AU:M/C:P/I:P/A:P | | accessVector: | NETWORK | | accessComplexity: | LOW | | authentication: | MULTIPLE | | confidentialityImpact: | PARTIAL | | integrityImpact: | PARTIAL | | availabilityImpact: | PARTIAL | | exploitabilityScore: | 6.4 | | impactScore: | 6.4 | | acInsufInfo: | NONE | | obtainAllPrivilege: | NONE | | obtainUserPrivilege: | NONE | | obtainOtherPrivilege: | NONE | | userInteractionRequired: | NONE | | version: | 2.0 | | | OTHER: | JVNDB-2024-006616 | |
|
| severity: | MEDIUM | | baseScore: | 5.8 | | vectorString: | AV:N/AC:L/AU:M/C:P/I:P/A:P | | accessVector: | NETWORK | | accessComplexity: | LOW | | authentication: | MULTIPLE | | confidentialityImpact: | PARTIAL | | integrityImpact: | PARTIAL | | availabilityImpact: | PARTIAL | | exploitabilityScore: | NONE | | impactScore: | NONE | | acInsufInfo: | NONE | | obtainAllPrivilege: | NONE | | obtainUserPrivilege: | NONE | | obtainOtherPrivilege: | NONE | | userInteractionRequired: | NONE | | version: | 2.0 | |
| | cna@vuldb.com: | CVE-2024-8166 | |
|
| baseSeverity: | MEDIUM | | baseScore: | 4.7 | | vectorString: | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L | | attackVector: | NETWORK | | attackComplexity: | LOW | | privilegesRequired: | HIGH | | userInteraction: | NONE | | scope: | UNCHANGED | | confidentialityImpact: | LOW | | integrityImpact: | LOW | | availabilityImpact: | LOW | | exploitabilityScore: | 1.2 | | impactScore: | 3.4 | | version: | 3.1 | | | nvd@nist.gov: | CVE-2024-8166 | |
|
| baseSeverity: | MEDIUM | | baseScore: | 4.9 | | vectorString: | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | | attackVector: | NETWORK | | attackComplexity: | LOW | | privilegesRequired: | HIGH | | userInteraction: | NONE | | scope: | UNCHANGED | | confidentialityImpact: | NONE | | integrityImpact: | NONE | | availabilityImpact: | HIGH | | exploitabilityScore: | 1.2 | | impactScore: | 3.6 | | version: | 3.1 | | | NVD: | JVNDB-2024-006616 | |
|
| baseSeverity: | MEDIUM | | baseScore: | 4.9 | | vectorString: | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | | attackVector: | NETWORK | | attackComplexity: | LOW | | privilegesRequired: | HIGH | | userInteraction: | NONE | | scope: | UNCHANGED | | confidentialityImpact: | NONE | | integrityImpact: | NONE | | availabilityImpact: | HIGH | | exploitabilityScore: | NONE | | impactScore: | NONE | | version: | 3.0 | |
|
sources:
JVNDB: JVNDB-2024-006616 //
NVD: CVE-2024-8166 //
NVD: CVE-2024-8166
PROBLEMTYPE DATA
| problemtype: | CWE-434 | |
| problemtype: | Unlimited uploads of dangerous types of files (CWE-434) [ others ] | |
sources:
JVNDB: JVNDB-2024-006616 //
NVD: CVE-2024-8166
EXTERNAL IDS
| db: | NVD | id: | CVE-2024-8166 | |
| db: | VULDB | id: | 275764 | |
| db: | JVNDB | id: | JVNDB-2024-006616 | |
sources:
JVNDB: JVNDB-2024-006616 //
NVD: CVE-2024-8166
REFERENCES
| url: | https://github.com/qiuhuihk/cve/blob/main/ruijie.md | |
| url: | https://vuldb.com/?id.275764 | |
| url: | https://vuldb.com/?submit.393750 | |
| url: | https://vuldb.com/?ctiid.275764 | |
| url: | https://nvd.nist.gov/vuln/detail/cve-2024-8166 | |
sources:
JVNDB: JVNDB-2024-006616 //
NVD: CVE-2024-8166
SOURCES
| db: | JVNDB | id: | JVNDB-2024-006616 |
| db: | NVD | id: | CVE-2024-8166 |
LAST UPDATE DATE
2024-08-30T22:54:30.133000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2024-006616 | date: | 2024-08-27T01:08:00 |
| db: | NVD | id: | CVE-2024-8166 | date: | 2024-08-27T13:03:38.227 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2024-006616 | date: | 2024-08-27T00:00:00 |
| db: | NVD | id: | CVE-2024-8166 | date: | 2024-08-26T15:15:09.343 |
