Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie's cloud.
Metrics
Affected Vendors & Products
References
History
Tue, 10 Dec 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Ruijienetworks
Ruijienetworks reyee Os |
|
CPEs | cpe:2.3:o:ruijienetworks:reyee_os:*:*:*:*:*:*:*:* | |
Vendors & Products |
Ruijienetworks
Ruijienetworks reyee Os |
Fri, 06 Dec 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Ruijie
Ruijie reyee Os |
|
CPEs | cpe:2.3:o:ruijie:reyee_os:*:*:*:*:*:*:*:* | |
Vendors & Products |
Ruijie
Ruijie reyee Os |
|
Metrics |
ssvc
|
Fri, 06 Dec 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie's cloud. | |
Title | Ruijie Reyee OS Improper Handling of Insufficient Permissions or Privileges | |
Weaknesses | CWE-280 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: icscert
Published: 2024-12-06T18:18:23.553Z
Updated: 2024-12-06T20:39:58.690Z
Reserved: 2024-11-20T23:41:59.171Z
Link: CVE-2024-46874
Vulnrichment
Updated: 2024-12-06T19:20:29.397Z
NVD
Status : Analyzed
Published: 2024-12-06T19:15:12.450
Modified: 2024-12-10T19:49:18.773
Link: CVE-2024-46874
Redhat
No data.