Ruijie Reyee OS vulnerability allows for arbitrary OS commands execution
CVE-2024-52324
9.8CRITICAL
Summary
Ruijie Networks' Reyee OS versions ranging from 2.206.x to versions prior to 2.320.x are affected by a vulnerability that utilizes an unsafe function, permitting attackers to send crafted MQTT messages. This can potentially lead to arbitrary execution of commands on the devices, compromising their integrity and security. Organizations using these affected versions should evaluate their exposure to this vulnerability and implement necessary security measures to mitigate risk.
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published