ReportizFlow
Filtered by vendor Ruijienetworks
Subscriptions
Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47547 | 2 Ruijie, Ruijienetworks | 2 Reyee Os, Reyee Os | 2024-12-10 | 9.4 Critical |
| Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for its users to change their passwords which leaves authentication vulnerable to brute force attacks. | ||||
| CVE-2024-51727 | 1 Ruijienetworks | 1 Reyee Os | 2024-12-10 | 6.5 Medium |
| Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable attackers to invalidate a legitimate user's session and cause a denial-of-service attack on a user's account. | ||||
| CVE-2024-45722 | 2 Ruijie, Ruijienetworks | 2 Reyee Os, Reyee Os | 2024-12-10 | 7.5 High |
| Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses weak credential mechanism that could allow an attacker to easily calculate MQTT credentials. | ||||
| CVE-2024-46874 | 2 Ruijie, Ruijienetworks | 2 Reyee Os, Reyee Os | 2024-12-10 | 8.1 High |
| Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie's cloud. | ||||
| CVE-2024-47146 | 1 Ruijienetworks | 1 Reyee Os | 2024-12-10 | 6.5 Medium |
| Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the devices serial number if physically adjacent and sniffing the RAW WIFI signal. | ||||
| CVE-2024-47791 | 2 Ruijie, Ruijienetworks | 2 Reyee Os, Reyee Os | 2024-12-10 | 7.5 High |
| Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie MQTT broker, and receive partial messages being sent to and from devices. | ||||
| CVE-2024-48874 | 2 Ruijie, Ruijienetworks | 2 Reyee Os, Reyee Os | 2024-12-10 | 9.8 Critical |
| Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata services. | ||||
| CVE-2024-52324 | 2 Ruijie, Ruijienetworks | 2 Reyee Os, Reyee Os | 2024-12-10 | 9.8 Critical |
| Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands. | ||||
| CVE-2024-42494 | 1 Ruijienetworks | 1 Reyee Os | 2024-12-10 | 6.5 Medium |
| Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a a feature that could enable sub accounts or attackers to view and exfiltrate sensitive information from all cloud accounts registered to Ruijie's services | ||||
| CVE-2024-47043 | 2 Ruijie, Ruijienetworks | 2 Reyee Os, Reyee Os | 2024-12-10 | 7.5 High |
| Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to correlate a device serial number and the user's phone number and part of the email address. | ||||
| CVE-2024-51027 | 1 Ruijienetworks | 1 Rg-nbr Rgos Firmware | 2024-11-25 | 6.5 Medium |
| Ruijie NBR800G gateway NBR_RGOS_11.1(6)B4P9 is vulnerable to command execution in /itbox_pi/networksafe.php via the province parameter. | ||||
| CVE-2023-4415 | 1 Ruijienetworks | 2 Rg-ew1200g, Rg-ew1200g Firmware | 2024-11-21 | 7.3 High |
| A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-237518 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3608 | 1 Ruijienetworks | 2 Bcr810w, Bcr810w Firmware | 2024-11-21 | 4.7 Medium |
| A vulnerability was found in Ruijie BCR810W 2.5.10. It has been rated as critical. This issue affects some unknown processing of the component Tracert Page. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-233477 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-34644 | 2 Ruijie, Ruijienetworks | 136 Re-eg1000m, Re-eg1000m Firmware, Rg-eg1000c and 133 more | 2024-11-21 | 9.8 Critical |
| Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series business VPN routers EG_3.0(1)B11P216, EAP and RAP series wireless access points AP_3.0(1)B11P218, NBC series wireless controllers AC_3.0(1)B11P86 allows unauthorized remote attackers to gain the highest privileges via crafted POST request to /cgi-bin/luci/api/auth. | ||||
| CVE-2023-27796 | 1 Ruijienetworks | 6 Rg-ew1200g Pro, Rg-ew1200g Pro Firmware, Rg-ew1800gx Pro and 3 more | 2024-11-21 | 8.8 High |
| RG-EW1200G PRO Wireless Routers EW_3.0(1)B11P204, RG-EW1800GX PRO Wireless Routers EW_3.0(1)B11P204, and RG-EW3200GX PRO Wireless Routers EW_3.0(1)B11P204 were discovered to contain multiple command injection vulnerabilities via the data.ip, data.protocal, data.iface and data.package parameters in the runPackDiagnose function of diagnose.lua. | ||||
| CVE-2023-26800 | 1 Ruijienetworks | 6 Rg-ew1200, Rg-ew1200 Firmware, Rg-ew1200g Pro and 3 more | 2024-11-21 | 9.8 Critical |
| Ruijie Networks RG-EW1200 Wireless Routers EW_3.0(1)B11P204 was discovered to contain a command injetion vulnerability via the params.path parameter in the upgradeConfirm function. | ||||
| CVE-2022-33128 | 1 Ruijienetworks | 2 Rg-eg350, Rg-eg350 Firmware | 2024-11-21 | 9.1 Critical |
| RG-EG series gateway EG350 EG_RGOS 11.1(6) was discovered to contain a SQL injection vulnerability via the function get_alarmAction at /alarm_pi/alarmService.php. | ||||
| CVE-2022-27983 | 1 Ruijienetworks | 2 Rg-nbr2100g-e, Rg-nbr2100g-e Firmware | 2024-11-21 | 7.5 High |
| RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain an arbitrary file read vulnerability via the url parameter in check.php. | ||||
| CVE-2022-27982 | 1 Ruijienetworks | 2 Rg-nbr2100g-e, Rg-nbr2100g-e Firmware | 2024-11-21 | 9.8 Critical |
| RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain a remote code execution (RCE) vulnerability via the fileName parameter at /guest_auth/cfg/upLoadCfg.php. | ||||
| CVE-2021-43164 | 1 Ruijienetworks | 6 Reyeeos, Rg-ew1200, Rg-ew1200g Pro and 3 more | 2024-11-21 | 8.8 High |
| A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the updateVersion function in /cgi-bin/luci/api/wireless. | ||||