Reyee Os Security Vulnerabilities and Issues — Reyee Os CVE List

Lucene search

RuijienetworksReyee Os

10 matches found

CVE•added 2024/12/06 6:15 p.m.•88 views

CVE-2024-47547

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for its users to change their passwords which leaves authentication vulnerable to brute force attacks.

9.8CVSS9.4AI score0.00167EPSS

CVE•added 2024/12/06 7:15 p.m.•69 views

CVE-2024-52324

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands.

9.8CVSS9.4AI score0.00139EPSS

CVE•added 2024/12/06 7:15 p.m.•67 views

CVE-2024-48874

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud me...

9.8CVSS9.4AI score0.0013EPSS

CVE•added 2024/12/06 6:15 p.m.•65 views

CVE-2024-42494

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a a feature that could enable sub accounts or attackers to view and exfiltrate sensitive information from all cloud accounts registered to Ruijie's services

7.5CVSS6.3AI score0.00068EPSS

CVE•added 2024/12/06 7:15 p.m.•60 views

CVE-2024-47791

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie MQTT broker, and receive partial messages being sent to and from devices.

8.7CVSS7.3AI score0.00087EPSS

CVE•added 2024/12/06 7:15 p.m.•58 views

CVE-2024-45722

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses weak credential mechanism that could allow an attacker to easily calculate MQTT credentials.

8.7CVSS7.5AI score0.00096EPSS

CVE•added 2024/12/06 7:15 p.m.•54 views

CVE-2024-46874

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie's cloud.

9.9CVSS8.2AI score0.00084EPSS

CVE•added 2024/12/06 6:15 p.m.•53 views

CVE-2024-47043

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to correlate a device serial number and the user's phone number and part of the email address.

8.7CVSS7.4AI score0.00087EPSS

CVE•added 2024/12/06 7:15 p.m.•51 views

CVE-2024-47146

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the devices serial number if physically adjacent and sniffing the RAW WIFI signal.

7.1CVSS6.5AI score0.0003EPSS

CVE•added 2024/12/06 6:15 p.m.•50 views

CVE-2024-51727

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable attackers to invalidate a legitimate user's session and cause a denial-of-service attack on a user's account.

7.5CVSS6.4AI score0.00088EPSS