CVE-2025-34057

An information disclosure vulnerability exists in Ruijie NBR series routers (known to affect NBR2000G, NBR1300G, and NBR1000 models) via the /WEB_VMS/LEVEL15/ endpoint. By crafting a specific POST request with modified Cookie headers and specially formatted parameters, an unauthenticated attacker can retrieve administrative account credentials in plaintext. This flaw allows direct disclosure of sensitive user data due to improper authentication checks and insecure backend logic.

CVSS

No CVSS.

References

Link	Resource
https://vulncheck.com/advisories/ruijie-nbr-router-administrative-credential-disclosure
https://vulners.com/seebug/SSV:89107
https://www.seebug.org/vuldb/ssvid-89107

Configurations

No configuration.

History

03 Jul 2025, 15:13

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de divulgación de información en Ruijie NBR series routers (que se sabe que afecta a los modelos NBR2000G, NBR1300G y NBR1000) a través del endpoint /WEB_VMS/LEVEL15/. Al manipular una solicitud POST específica con encabezados de cookie modificados y parámetros con un formato especial, un atacante no autenticado puede obtener las credenciales de la cuenta administrativa en texto plano. Esta falla permite la divulgación directa de datos confidenciales del usuario debido a comprobaciones de autenticación incorrectas y una lógica de backend insegura.

02 Jul 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-02 14:15

Updated : 2025-07-03 15:13

NVD link : CVE-2025-34057

Mitre link : CVE-2025-34057

CVE.ORG link : CVE-2025-34057

JSON object : View

Products Affected

No product.

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2025-34057", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-02T14:15:24.090", "references": [{"url": "https://vulncheck.com/advisories/ruijie-nbr-router-administrative-credential-disclosure", "source": "disclosure@vulncheck.com"}, {"url": "https://vulners.com/seebug/SSV:89107", "source": "disclosure@vulncheck.com"}, {"url": "https://www.seebug.org/vuldb/ssvid-89107", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists in Ruijie NBR series routers (known to affect\u00a0NBR2000G, NBR1300G, and NBR1000 models)\u00a0via the /WEB_VMS/LEVEL15/ endpoint. By crafting a specific POST request with modified Cookie headers and specially formatted parameters, an unauthenticated attacker can retrieve administrative account credentials in plaintext. This flaw allows direct disclosure of sensitive user data due to improper authentication checks and insecure backend logic."}, {"lang": "es", "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en Ruijie NBR series routers (que se sabe que afecta a los modelos NBR2000G, NBR1300G y NBR1000) a trav\u00e9s del endpoint /WEB_VMS/LEVEL15/. Al manipular una solicitud POST espec\u00edfica con encabezados de cookie modificados y par\u00e1metros con un formato especial, un atacante no autenticado puede obtener las credenciales de la cuenta administrativa en texto plano. Esta falla permite la divulgaci\u00f3n directa de datos confidenciales del usuario debido a comprobaciones de autenticaci\u00f3n incorrectas y una l\u00f3gica de backend insegura."}], "lastModified": "2025-07-03T15:13:53.147", "sourceIdentifier": "disclosure@vulncheck.com"}