CVE-2023-53881 CRITICAL

CVE-2023-53881: ReyeeOS 1.204.1614 Man-in-the-Middle Remote Code Execution via CWMP

Vendor Ruijie
Product ReyeeOS
Weakness CWE-319 · Cleartext transmission
Published December 15, 2025
Last update April 7, 2026

CVSS base score

9.2/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

ReyeeOS 1.204.1614 contains an unencrypted CWMP communication vulnerability that allows attackers to intercept and manipulate device communication through a man-in-the-middle attack. Attackers can create a fake CWMP server to inject and execute arbitrary commands on Ruijie Reyee Cloud devices by exploiting the unprotected HTTP polling requests.

Key dates

02 Disclosure timeline

December 15, 2025 CVE published
April 7, 2026 Record updated