CVE-2025-34057: CWE-306 Missing Authentication for Critical Function in Ruijie NBR Router
An information disclosure vulnerability exists in Ruijie NBR series routers (known to affect NBR2000G, NBR1300G, and NBR1000 models) via the /WEB_VMS/LEVEL15/ endpoint. By crafting a specific POST request with modified Cookie headers and specially formatted parameters, an unauthenticated attacker can retrieve administrative account credentials in plaintext. This flaw allows direct disclosure of sensitive user data due to improper authentication checks and insecure backend logic. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.
AI Analysis
Technical Summary
CVE-2025-34057 is a critical information disclosure vulnerability in Ruijie NBR series routers (models NBR2000G, NBR1300G, and NBR1000). The vulnerability stems from missing authentication on the /WEB_VMS/LEVEL15/ endpoint, which allows unauthenticated attackers to craft specific POST requests with manipulated Cookie headers and specially formatted parameters. This flaw enables attackers to retrieve administrative account credentials in plaintext, bypassing any authentication mechanisms due to improper backend logic and lack of access control. The vulnerability is classified under CWE-306 (Missing Authentication for Critical Function), indicating a fundamental security design failure. The CVSS 4.0 base score is 8.7, reflecting a network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and high impact on confidentiality (VC:H) with no impact on integrity or availability. The Shadowserver Foundation observed exploitation attempts on 2025-02-05, confirming active targeting. The vulnerability affects all versions of the specified models, with no patches currently available. The exposure of administrative credentials can lead to full device compromise, enabling attackers to manipulate router configurations, intercept or redirect traffic, and pivot into internal networks. The flaw's exploitation requires only network access to the device's management interface, making it highly dangerous in poorly segmented or exposed environments.
Potential Impact
For European organizations, this vulnerability poses a significant risk to network security and data confidentiality. Compromise of administrative credentials on Ruijie NBR routers can lead to unauthorized configuration changes, interception of sensitive communications, and lateral movement within corporate or critical infrastructure networks. Given that these routers are often deployed in enterprise, government, and industrial environments, exploitation could disrupt operations, leak confidential information, and facilitate further attacks such as ransomware or espionage. The lack of authentication requirement and plaintext credential disclosure increase the likelihood of successful exploitation, especially in environments where these devices are accessible from less secure network segments or exposed to the internet. The impact extends beyond individual organizations to national critical infrastructure sectors relying on these devices for secure communications. Additionally, the absence of available patches increases the window of exposure, necessitating immediate compensating controls.
Mitigation Recommendations
1. Immediately restrict network access to the management interfaces of Ruijie NBR routers, ensuring they are not accessible from untrusted networks or the internet.
2. Implement strict network segmentation and firewall rules to isolate router management traffic to trusted administrative hosts only.
3. Monitor network traffic for unusual POST requests targeting the /WEB_VMS/LEVEL15/ endpoint, especially those with suspicious Cookie header modifications.
4. Enforce strong authentication and access control policies on all network devices, and consider multi-factor authentication where supported.
5. Regularly audit router configurations and logs for signs of unauthorized access or credential leakage.
6. Engage with Ruijie support channels to obtain security advisories and patches as soon as they become available, and plan for rapid deployment.
7. Consider temporary replacement or additional security layers such as VPNs or jump hosts for router management until patches are applied.
8. Educate network administrators about this vulnerability and the importance of safeguarding router credentials and management interfaces.
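As an added illustration of recommendations 1 to 3 (this is example code written for this page, not code from the advisory or from Ruijie), the following Python script scans access-log lines from a proxy in front of the router UI and raises an alert for every POST to the /WEB_VMS/LEVEL15/ endpoint that did not come from the trusted management network. The log format, the 10.10.5.0/24 admin network and all sample lines and addresses are assumptions constructed for the example.

```python
import ipaddress
import re

# Endpoint named in the advisory; prefix match so deeper paths are caught too.
TARGET_PREFIX = "/WEB_VMS/LEVEL15/"
# Hypothetical trusted management network (assumption; adjust per site).
TRUSTED_ADMIN_NETS = [ipaddress.ip_network("10.10.5.0/24")]

# Assumed format: combined-style proxy log with the Cookie header appended;
# the sample lines below are constructed, not real traffic.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
    r'cookie="(?P<cookie>[^"]*)"$'
)
SAMPLE_LOG = """\
10.10.5.20 - - [05/Feb/2025:10:01:02 +0000] "GET /WEB_VMS/login.htm HTTP/1.1" 200 cookie="-"
10.10.5.20 - - [05/Feb/2025:10:03:45 +0000] "POST /WEB_VMS/LEVEL15/ HTTP/1.1" 200 cookie="session=admin01"
203.0.113.7 - - [05/Feb/2025:10:02:11 +0000] "POST /WEB_VMS/LEVEL15/ HTTP/1.1" 200 cookie="-"
203.0.113.7 - - [05/Feb/2025:10:02:12 +0000] "POST /WEB_VMS/LEVEL15/ HTTP/1.1" 200 cookie="session=x"
198.51.100.9 - - [05/Feb/2025:10:05:00 +0000] "POST /WEB_VMS/LEVEL15/ HTTP/1.1" 403 cookie="-"
"""


def is_trusted(src: str) -> bool:
    """True only for addresses inside the trusted admin networks."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # an unparsable source is never trusted
    return any(addr in net for net in TRUSTED_ADMIN_NETS)


def find_suspicious_posts(log_text: str) -> list[dict]:
    """One alert per POST to the LEVEL15 endpoint from outside the trusted
    networks; a 2xx reply means the device served it (possible disclosure)."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if not m["path"].startswith(TARGET_PREFIX) or is_trusted(m["src"]):
            continue
        status = int(m["status"])
        alerts.append({
            "src": m["src"], "ts": m["ts"], "status": status,
            "severity": "critical" if 200 <= status < 300 else "warning",
            "cookie_present": m["cookie"] != "-",  # "-" means no Cookie header
        })
    return alerts
```

Calling find_suspicious_posts(SAMPLE_LOG) yields three alerts (two critical for 203.0.113.7, one warning for the blocked 198.51.100.9 request) and ignores the POST from the trusted admin host; adapt LINE_RE to your real proxy or WAF log format.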
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulnCheck
- Date Reserved: 2025-04-15T19:15:22.549Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68653a166f40f0eb7292c943
Added to database: 7/2/2025, 1:54:30 PM
Last enriched: 11/13/2025, 7:31:37 PM
Last updated: 12/12/2025, 9:27:27 PM