Risk | High |
Patch available | YES |
Number of vulnerabilities | 10 |
CVE-ID | CVE-2024-47547 CVE-2024-42494 CVE-2024-51727 CVE-2024-47043 CVE-2024-45722 CVE-2024-47791 CVE-2024-46874 CVE-2024-48874 CVE-2024-52324 CVE-2024-47146 |
CWE-ID | CWE-640 CWE-200 CWE-826 CWE-922 CWE-1391 CWE-155 CWE-264 CWE-918 CWE-242 CWE-402 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Reyee OS Operating systems & Components / Operating system |
Vendor | Ruijie Networks |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
EUVDB-ID: #VU101195
Risk: High
CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47547
CWE-ID:
CWE-640 - Weak password recovery mechanism
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to a weak password recovery mechanism for password change. A remote attacker can perform a brute-force attack and gain access to the target system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Reyee OS: 2.206.0
CPE2.3
http://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101196
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42494
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote user can view and exfiltrate sensitive information from all cloud accounts registered to Ruijie's services.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Reyee OS: 2.206.0
CPE2.3
http://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101197
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-51727
CWE-ID:
CWE-826 - Premature Release of Resource During Expected Lifetime
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to premature release of a resource during its expected lifetime. A remote user can invalidate a legitimate user's session and perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Reyee OS: 2.206.0
CPE2.3
http://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101198
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47043
CWE-ID:
CWE-922 - Insecure Storage of Sensitive Information
Exploit availability: No
Description
The vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to insecure storage of sensitive information. A remote attacker can correlate a device serial number with the user's phone number and part of their email address.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Reyee OS: 2.206.0
CPE2.3
http://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101199
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-45722
CWE-ID:
CWE-1391 - Use of Weak Credentials
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the use of a weak credential mechanism. A remote attacker can calculate MQTT credentials.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Reyee OS: 2.206.0
CPE2.3
http://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101200
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47791
CWE-ID:
CWE-155 - Improper Neutralization of Wildcards or Matching Symbols
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to improper neutralization of wildcards or matching symbols. A remote attacker can subscribe to a subset of the possible topics on the Ruijie MQTT broker and gain unauthorized access to sensitive information on the system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Reyee OS: 2.206.0
CPE2.3
http://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101201
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46874
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to improper handling of insufficient permissions or privileges. A remote attacker can issue commands to other devices on behalf of Ruijie's cloud.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Reyee OS: 2.206.0
CPE2.3
http://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101203
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-48874
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: No
Description
The disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted HTTP request and trick the application into initiating requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker to gain access to sensitive data located on the local network, or to send malicious requests to other servers from the vulnerable system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Reyee OS: 2.206.0
CPE2.3
http://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101204
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-52324
CWE-ID:
CWE-242 - Use of Inherently Dangerous Function
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to the use of an inherently dangerous function. A remote attacker can send a specially crafted MQTT message and execute arbitrary OS commands on the target system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Reyee OS: 2.206.0
CPE2.3
http://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101208
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47146
CWE-ID:
CWE-402 - Transmission of Private Resources into a New Sphere ('Resource Leak')
Exploit availability: No
Description
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to a resource leak. A remote attacker on the local network can obtain the device's serial number.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Reyee OS: 2.206.0
CPE2.3
http://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.