CVE-2020-37015
Published: 29 January 2026
Summary
CVE-2020-37015 is a high-severity Path Traversal (CWE-22) vulnerability. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 32.8% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).
Deeper analysis
CVE-2020-37015 is a directory traversal vulnerability (CWE-22) in the eWeb management interface of Ruijie Networks Switch running S29_RGOS 11.4. The flaw allows unauthenticated attackers to access sensitive configuration files by manipulating file path parameters in requests to the /download.do endpoint, using '../' sequences to traverse directories and retrieve files containing credentials and network settings. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact with low attack complexity over the network.
Unauthenticated remote attackers can exploit this vulnerability without privileges or user interaction by sending crafted HTTP requests to the affected endpoint. Successful exploitation enables retrieval of critical system configuration files, potentially exposing administrative credentials, network topologies, and other sensitive information that could facilitate further attacks such as lateral movement or privilege escalation within the network.
Advisories from VulnCheck (https://www.vulncheck.com/advisories/ruijie-networks-switch-eweb-srgos-directory-traversal) and the vendor site (https://www.ruijienetworks.com/) provide details on the issue, along with a proof-of-concept exploit available at Exploit-DB (https://www.exploit-db.com/exploits/48755) and analysis at https://faruktuygun.com/directorytraversal.html. Security practitioners should consult these resources for patch availability and mitigation guidance from Ruijie Networks.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-30919
Vulnerability details
The Ruijie Networks Switch eWeb S29_RGOS version 11.4 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by manipulating file path parameters. Attackers can exploit the /download.do endpoint with '../' sequences to retrieve system configuration files containing credentials and network settings.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Directory traversal in the public-facing eWeb interface directly enables T1190 exploitation for unauthenticated file access; the retrieved configuration files expose credentials stored in files (T1552.001).
Mitigating Controls (NIST 800-53 r5)
- Directly enforces access control policy on the /download.do endpoint so unauthenticated requests cannot retrieve configuration files via path traversal.
- Requires validation and sanitization of file-path parameters to reject '../' sequences that enable directory traversal to sensitive files.
- Mandates identification and authentication before any access to the eWeb management interface, eliminating the unauthenticated attack vector.
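As an added example (not Ruijie's eWeb code and not taken from any of the advisories above), the resolver below shows the containment check that the access-enforcement and input-validation controls call for: a download handler that canonicalises the requested name and refuses anything that resolves outside its base directory, rather than relying on a '../' blacklist alone. A small detector then flags traversal attempts against /download.do in web-server access logs, decoding percent-encoding repeatedly so single- and double-encoded variants are caught. The base directory, file names, IP addresses and log lines are all assumptions constructed for the demonstration.

```python
"""Path-traversal hardening and detection, modelled on the CVE-2020-37015 pattern.

Added example; not the vendor's code. Directory names, file names and log lines
below are constructed for illustration.
"""
import os
import tempfile
import urllib.parse


# --- Hardened file resolver (the check a safe /download.do handler needs) -----

def resolve_download_path(base_dir: str, requested: str) -> str:
    """Return the absolute path for `requested` only if it stays inside base_dir.

    Percent-decodes once, rejects NUL bytes and absolute paths, canonicalises
    with os.path.realpath (collapses '..' and follows symlinks) and then enforces
    that the result lies under the canonical base directory. Raises ValueError
    otherwise, so the caller never opens a file outside the download root.
    """
    decoded = urllib.parse.unquote(requested)
    if "\x00" in decoded or os.path.isabs(decoded):
        raise ValueError("rejected path: %r" % requested)
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, decoded))
    # Containment: candidate must be the base itself or start with base + separator.
    if candidate != base and not candidate.startswith(base + os.sep):
        raise ValueError("path escapes base directory: %r" % requested)
    return candidate


def check_resolver_behaviour() -> dict:
    """Exercise the resolver against a throwaway directory (constructed names)."""
    with tempfile.TemporaryDirectory() as base:
        inner = os.path.join(base, "reports")
        os.mkdir(inner)
        results = {}
        expected_tail = os.path.join("reports", "summary.csv")
        results["plain"] = resolve_download_path(inner, "summary.csv").endswith(expected_tail)
        for label, req in [("dotdot", "../sysconfig.cfg"),
                           ("encoded", "..%2F..%2Fsysconfig.cfg"),
                           ("absolute", "/etc/hostname"),
                           ("nul", "summary.csv%00../x")]:
            try:
                resolve_download_path(inner, req)
                results[label] = "allowed"
            except ValueError:
                results[label] = "rejected"
        return results


# --- Detection over access-log lines -------------------------------------------

def _decode_variants(value: str, rounds: int = 3) -> list:
    """Return the value plus each successive percent-decoding (up to `rounds`)."""
    variants = [value]
    for _ in range(rounds):
        nxt = urllib.parse.unquote(variants[-1])
        if nxt == variants[-1]:
            break
        variants.append(nxt)
    return variants


def looks_like_traversal(path: str) -> bool:
    """True if any decoding layer of the request path contains a '..' separator step."""
    return any("../" in v or "..\\" in v for v in _decode_variants(path))


def flag_traversal_attempts(log_lines, endpoint: str = "/download.do") -> list:
    """Return (client_ip, request_path) for requests to `endpoint` that carry traversal.

    Expects Common Log Format lines; malformed lines are skipped rather than crashing.
    """
    hits = []
    for line in log_lines:
        parts = line.split('"')
        if len(parts) < 3:
            continue
        client_ip = parts[0].split(" ", 1)[0]
        request = parts[1].split(" ")
        if len(request) < 2:
            continue
        path = request[1]
        if path.startswith(endpoint) and looks_like_traversal(path):
            hits.append((client_ip, path))
    return hits


# Constructed sample log: two plain/encoded attempts, one double-encoded attempt,
# one benign download and one unrelated request.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Feb/2026:10:00:01 +0000] "GET /download.do?file=../../sysconfig.cfg HTTP/1.1" 200 4231',
    '10.0.0.9 - - [01/Feb/2026:10:00:02 +0000] "GET /download.do?file=report.csv HTTP/1.1" 200 812',
    '10.0.0.5 - - [01/Feb/2026:10:00:03 +0000] "GET /download.do?file=..%2F..%2Fsysconfig.cfg HTTP/1.1" 200 4231',
    '10.0.0.5 - - [01/Feb/2026:10:00:04 +0000] "GET /download.do?file=%252e%252e%252fsysconfig.cfg HTTP/1.1" 404 0',
    '10.0.0.7 - - [01/Feb/2026:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    print(check_resolver_behaviour())
    for ip, path in flag_traversal_attempts(SAMPLE_LOG):
        print("traversal attempt from", ip, "->", path)
```

The resolver deliberately does not try to strip '../' from the input: a double-encoded name decodes to a literal `%2e%2e` that the filesystem treats as an ordinary (non-existent) name, and the realpath containment check is what actually keeps every request inside the download root. The detector, by contrast, decodes repeatedly because an attacker's encoding choice is outside the defender's control; it does not cover every evasion (for example overlong UTF-8 encodings of '.'), so it belongs alongside, not instead of, the server-side check.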