Ruijie Reyee OS Vulnerability Allows MQTT Clients to Send Messages to Other Devices
CVE-2024-46874

9.9CRITICAL

Key Information:

Vendor: Ruijie
Status: Reyee Os
Vendor: CVE Published:; 6 December 2024

What is CVE-2024-46874?

A vulnerability exists in Ruijie Reyee OS versions ranging from 2.206.x to just below 2.320.x that allows MQTT clients with valid device credentials to send messages to sensitive topics. This flaw can result in attackers leveraging these credentials to issue unauthorized commands to network devices through Ruijie's cloud services, potentially leading to significant security breaches.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-3...

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 6, 2024