Ruijie Reyee OS Exposes Users to Weak Credentials Vulnerability
CVE-2024-45722

7.5HIGH

Key Information:

Vendor: Ruijie
Status: Reyee Os
Vendor: CVE Published:; 6 December 2024

Summary

Ruijie Reyee OS, a networking operating system developed by Ruijie Networks, has been identified to use a weak credential mechanism affecting its MQTT (Message Queuing Telemetry Transport) protocol. This vulnerability allows attackers to potentially derive MQTT credentials easily, which can lead to unauthorized access and exploitation of the network resources. The affected versions span from 2.206.x up to, but not including, 2.320.x. Users of these versions should be aware of the risks and take necessary precautions to secure their systems.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-3...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 6, 2024