Login Sign Up

CVE-2022-27983

7.5 HIGH
Path Traversal

📋 TL;DR

This vulnerability allows unauthenticated attackers to read arbitrary files on the RG-NBR2100G-E Enterprise Gateway through the url parameter in check.php. It affects organizations using this specific Ruijie Networks gateway device. Attackers can access sensitive system files, configuration data, and potentially credentials.

💻 Affected Systems

Products:
  • RG-NBR-E Enterprise Gateway RG-NBR2100G-E
Versions: Specific version unknown from provided references, but appears to affect current versions at time of discovery (2022).
Operating Systems: Embedded Linux (vendor-specific firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the web interface component check.php. No special configuration required for exploitation.

📦 What is this software?

Rg Nbr2100g E Firmware by Ruijienetworks

View all CVEs affecting Rg Nbr2100g E Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through reading sensitive configuration files, SSH keys, password files, or obtaining administrative credentials leading to network takeover.

🟠

Likely Case

Information disclosure of sensitive system files, configuration data, and potential credential harvesting for lateral movement.

🟢

If Mitigated

Limited to reading non-sensitive files if proper file permissions and network segmentation are implemented.

🌐 Internet-Facing: HIGH - The vulnerability is unauthenticated and can be exploited remotely if the device is exposed to the internet.
🏢 Internal Only: MEDIUM - Still exploitable from internal networks but requires initial network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP request manipulation required. The vulnerability is straightforward to exploit with basic web testing tools.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown specific version - check Ruijie Networks for latest firmware

Vendor Advisory: Not provided in references - check Ruijie Networks official website

Restart Required: Yes

Instructions:

1. Check Ruijie Networks official website for security advisories. 2. Download latest firmware version. 3. Backup current configuration. 4. Upload and install new firmware through web interface. 5. Reboot device. 6. Restore configuration if needed.

🔧 Temporary Workarounds

Network Access Control

all

Restrict access to the device's web interface to trusted networks only

Web Interface Disable

all

Disable the web management interface if not required and use CLI/SSH management instead

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the gateway from untrusted networks
  • Deploy a WAF (Web Application Firewall) in front of the device to filter malicious requests

🔍 How to Verify

Check if Vulnerable:

Test by sending HTTP GET request to /check.php with url parameter pointing to sensitive file (e.g., /etc/passwd). Example: GET /check.php?url=file:///etc/passwd

Check Version:

Check web interface admin panel or use SNMP/CLI commands specific to Ruijie devices

Verify Fix Applied:

Attempt the same exploit after patching - should return error or no file content. Check firmware version against vendor's patched version list.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to check.php with file:// URLs or path traversal sequences
  • Multiple failed file read attempts
  • Access to sensitive file paths from unusual sources

Network Indicators:

  • HTTP GET requests with url parameter containing file:// protocol or directory traversal patterns
  • Traffic to check.php from external IPs

SIEM Query:

http.url:"*check.php*" AND http.uri_query:"*url=file://*" OR http.uri_query:"*url=../*"

📊 Metadata

CVE ID: CVE-2022-27983
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Published: May 2, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON