CVE-2025-34057

Ruijie NBR Router Administrative Credential Disclosure

Description

An information disclosure vulnerability exists in Ruijie NBR series routers (known to affect NBR2000G, NBR1300G, and NBR1000 models) via the /WEB_VMS/LEVEL15/ endpoint. By crafting a specific POST request with modified Cookie headers and specially formatted parameters, an unauthenticated attacker can retrieve administrative account credentials in plaintext. This flaw allows direct disclosure of sensitive user data due to improper authentication checks and insecure backend logic. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.

INFO

Published Date :

2025-07-02T13:43:52.935Z

Last Modified :

2025-11-13T19:08:30.586Z

Source :

VulnCheck

AFFECTED PRODUCTS

The following products are affected by CVE-2025-34057 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-34057.

URL	Resource
https://vulncheck.com/advisories/ruijie-nbr-router-administrative-credential-disclosure
https://vulners.com/seebug/SSV:89107
https://www.seebug.org/vuldb/ssvid-89107

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability