CVE-2024-46874 HIGH

CVE-2024-46874: Ruijie Reyee OS Improper Handling of Insufficient Permissions or Privileges

Vendor Ruijie
Product Reyee OS
Weakness CWE-280
Published December 6, 2024
Last update December 6, 2024

CVSS base score

8.1/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie's cloud.

Key dates

02Disclosure timeline

December 6, 2024 CVE published
December 6, 2024 Record updated