
CVE-2024-47146 – Ruijie Reyee OS Resource Leak
https://notcve.org/view.php?id=CVE-2024-47146
06 Dec 2024 — Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the device's serial number if physically adjacent and sniffing the RAW WIFI signal. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •

CVE-2024-52324 – Ruijie Reyee OS Use of Inherently Dangerous Function
https://notcve.org/view.php?id=CVE-2024-52324
06 Dec 2024 — Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x use an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01 • CWE-242: Use of Inherently Dangerous Function •

CVE-2024-48874 – Ruijie Reyee OS Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2024-48874
06 Dec 2024 — Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata services. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01 • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2024-46874 – Ruijie Reyee OS Improper Handling of Insufficient Permissions or Privileges
https://notcve.org/view.php?id=CVE-2024-46874
06 Dec 2024 — Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie's cloud. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01 • CWE-280: Improper Handling of Insufficient Permissions or Privileges •

CVE-2024-47791 – Ruijie Reyee OS Improper Neutralization of Wildcards or Matching Symbols
https://notcve.org/view.php?id=CVE-2024-47791
06 Dec 2024 — Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in the Ruijie MQTT broker and receive partial messages being sent to and from devices. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01 • CWE-155: Improper Neutralization of Wildcards or Matching Symbols •

CVE-2024-45722 – Ruijie Reyee OS Use of Weak Credentials
https://notcve.org/view.php?id=CVE-2024-45722
06 Dec 2024 — Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x use a weak credential mechanism that could allow an attacker to easily calculate MQTT credentials. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01 • CWE-1391: Use of Weak Credentials •

CVE-2024-47043 – Ruijie Reyee OS Insecure Storage of Sensitive Information
https://notcve.org/view.php?id=CVE-2024-47043
06 Dec 2024 — Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to correlate a device serial number and the user's phone number and part of the email address. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01 • CWE-922: Insecure Storage of Sensitive Information •

CVE-2024-51727 – Ruijie Reyee OS Premature Release of Resource During Expected Lifetime
https://notcve.org/view.php?id=CVE-2024-51727
06 Dec 2024 — Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contain a feature that could enable attackers to invalidate a legitimate user's session and cause a denial-of-service attack on a user's account. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01 • CWE-826: Premature Release of Resource During Expected Lifetime •

CVE-2024-47547 – Ruijie Reyee OS Weak Password Recovery Mechanism for Forgotten Password
https://notcve.org/view.php?id=CVE-2024-47547
06 Dec 2024 — Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contain a weak mechanism for users to change their passwords, which leaves authentication vulnerable to brute-force attacks. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •