Unencrypted CWMP Communication Vulnerability in ReyeeOS by Ruijie Networks
CVE-2023-53881

9.2CRITICAL

Key Information:

Vendor

Ruijie

Status
Reyeeos
Vendor
CVE Published:
15 December 2025

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2023-53881?

ReyeeOS 1.204.1614 is susceptible to a man-in-the-middle vulnerability due to its insecure CWMP communication. Attackers can exploit this flaw by creating a counterfeit CWMP server, enabling them to intercept and manipulate device communication. This exploitation allows for the injection and execution of arbitrary commands on devices within the Ruijie Reyee Cloud ecosystem, jeopardizing security and control over affected devices.

Affected Version(s)

ReyeeOS 1.204.1614

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-53881 - Proof of Concept

References

https://www.exploit-db.com/exploits/51642
exploit
https://ruijienetworks.com
product
https://www.vulncheck.com/advisories/reyeeos-man-in-the-m...
third-party-advisory

CVSS V4

Score:
9.2
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Riyan Firmansyah of Seclab
JSON
.
CVE-2023-53881 : Unencrypted CWMP Communication Vulnerability in ReyeeOS by Ruijie Networks