关键信息 Severity: Critical Date: November 7, 2025 Affected Versions: Firmware versions 11.1(6)B9P1 - 11.9(4)B12P1 CVE: CVE-2020-36870 CWE: CWE-94 Improper Control of Generation of Code ('Code Injection') CVSS Score: 9.2 CVSS V4 Vector: References: Ruijie Networks Initial Disclosure Ruijie Networks Exploitation Acknowledgement CNVD-2021-09650 Shadowserver Exploitation Evidence Description: Code execution vulnerability in the EWEB management system of Ruijie Gateway EG and NBR models firmware versions between 11.1(6)B9P1 and 11.9(4)B12P1. Vulnerable when guest authentication, local server authentication, or screen mirroring features are enabled. Exploitation observed by the Shadowserver Foundation on 2025-06-07 UTC.