Remote Code Execution Vulnerability in Ruijie RG-EW300N Firmware by Ruijie Networks
CVE-2024-42936

9.8CRITICAL

Key Information:

Vendor
Ruijie Networks
Status
Ruijie RG-EW300N
Vendor
CVE Published:
21 January 2025

Summary

The Ruijie RG-EW300N device, running firmware ReyeeOS 1.300.1422, is susceptible to a Remote Code Execution exploit triggered by a specially crafted MQTT broker message. This vulnerability could allow an attacker to execute arbitrary code on the device, posing significant risks to network integrity and security. Users of the affected firmware are urged to apply mitigations and updates promptly to secure their devices against potential exploits.

References

https://gist.github.com/smrx86/2008111b12ab47882b3928d0cb...

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2024-42936 : Remote Code Execution Vulnerability in Ruijie RG-EW300N Firmware by Ruijie Networks | SecurityVulnerability.io