Ruijie Networks Reyee OS 2.206.0

CPE Details

Ruijie Networks Reyee OS 2.206.0
2.206.0
2024-12-26 15:01 +00:00
2024-12-26 15:01 +00:00

Alerte pour un CPE

Stay informed of any changes for a specific CPE.
Alert management

CPE Name: cpe:2.3:o:ruijienetworks:reyee_os:2.206.0:*:*:*:*:*:*:*

Informations

Vendor

ruijienetworks

Product

reyee_os

Version

2.206.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-47146 2024-12-06 18:27 +00:00 Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the devices serial number if physically adjacent and sniffing the RAW WIFI signal.
7.1
HIGH
CVE-2024-52324 2024-12-06 18:25 +00:00 Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands.
9.2
CRITICAL
CVE-2024-48874 2024-12-06 18:22 +00:00 Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata services.
9.3
CRITICAL
CVE-2024-46874 2024-12-06 18:18 +00:00 Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie's cloud.
9.2
CRITICAL
CVE-2024-47791 2024-12-06 18:16 +00:00 Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie MQTT broker, and receive partial messages being sent to and from devices.
8.7
HIGH
CVE-2024-45722 2024-12-06 18:13 +00:00 Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses weak credential mechanism that could allow an attacker to easily calculate MQTT credentials.
8.7
HIGH
CVE-2024-47043 2024-12-06 18:12 +00:00 Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to correlate a device serial number and the user's phone number and part of the email address.
8.7
HIGH
CVE-2024-51727 2024-12-06 18:10 +00:00 Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable attackers to invalidate a legitimate user's session and cause a denial-of-service attack on a user's account.
7.1
HIGH
CVE-2024-42494 2024-12-06 18:05 +00:00 Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a a feature that could enable sub accounts or attackers to view and exfiltrate sensitive information from all cloud accounts registered to Ruijie's services
7.1
HIGH
CVE-2024-47547 2024-12-06 18:00 +00:00 Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for its users to change their passwords which leaves authentication vulnerable to brute force attacks.
9.3
CRITICAL