Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie's cloud.
History

Tue, 10 Dec 2024 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Ruijienetworks
Ruijienetworks reyee Os
CPEs cpe:2.3:o:ruijienetworks:reyee_os:*:*:*:*:*:*:*:*
Vendors & Products Ruijienetworks
Ruijienetworks reyee Os

Fri, 06 Dec 2024 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Ruijie
Ruijie reyee Os
CPEs cpe:2.3:o:ruijie:reyee_os:*:*:*:*:*:*:*:*
Vendors & Products Ruijie
Ruijie reyee Os
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 06 Dec 2024 18:30:00 +0000

Type Values Removed Values Added
Description Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie's cloud.
Title Ruijie Reyee OS Improper Handling of Insufficient Permissions or Privileges
Weaknesses CWE-280
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2024-12-06T18:18:23.553Z

Updated: 2024-12-06T20:39:58.690Z

Reserved: 2024-11-20T23:41:59.171Z

Link: CVE-2024-46874

cve-icon Vulnrichment

Updated: 2024-12-06T19:20:29.397Z

cve-icon NVD

Status : Analyzed

Published: 2024-12-06T19:15:12.450

Modified: 2024-12-10T19:49:18.773

Link: CVE-2024-46874

cve-icon Redhat

No data.