Ruijienetworks

Reyee Os

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2023-53881

Exploit
  • EPSS 0.04%
  • Veröffentlicht 15.12.2025 20:28:19
  • Zuletzt bearbeitet 18.12.2025 22:38:22

ReyeeOS 1.204.1614 contains an unencrypted CWMP communication vulnerability that allows attackers to intercept and manipulate device communication through a man-in-the-middle attack. Attackers can create a fake CWMP server to inject and execute arbit...

8.8

CVE-2025-56077

Exploit
  • EPSS 0.92%
  • Veröffentlicht 11.12.2025 18:16:20
  • Zuletzt bearbeitet 26.12.2025 14:40:28

OS Command Injection vulnerability in Ruijie RG-RAP2200(E) 247 2200 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.

9.8

CVE-2024-52324

  • EPSS 0.13%
  • Veröffentlicht 06.12.2024 19:15:13
  • Zuletzt bearbeitet 10.12.2024 19:42:56

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands.

7.5

CVE-2024-45722

  • EPSS 0.15%
  • Veröffentlicht 06.12.2024 19:15:12
  • Zuletzt bearbeitet 10.12.2024 19:49:53

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses weak credential mechanism that could allow an attacker to easily calculate MQTT credentials.

9.9

CVE-2024-46874

  • EPSS 0.11%
  • Veröffentlicht 06.12.2024 19:15:12
  • Zuletzt bearbeitet 10.12.2024 19:49:18

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie'...

6.5

CVE-2024-47146

  • EPSS 0.06%
  • Veröffentlicht 06.12.2024 19:15:12
  • Zuletzt bearbeitet 10.12.2024 19:45:51

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the devices serial number if physically adjacent and sniffing the RAW WIFI signal.

5.3

CVE-2024-47791

  • EPSS 0.15%
  • Veröffentlicht 06.12.2024 19:15:12
  • Zuletzt bearbeitet 10.12.2024 19:44:43

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie MQTT broker, and receive partial messages being sent to and from devices.

9.8

CVE-2024-48874

  • EPSS 0.12%
  • Veröffentlicht 06.12.2024 19:15:12
  • Zuletzt bearbeitet 10.12.2024 19:44:16

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and the...

9.8

CVE-2024-47547

  • EPSS 0.07%
  • Veröffentlicht 06.12.2024 18:15:25
  • Zuletzt bearbeitet 10.12.2024 19:57:32

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for its users to change their passwords which leaves authentication vulnerable to brute force attacks.

7.5

CVE-2024-51727

  • EPSS 0.12%
  • Veröffentlicht 06.12.2024 18:15:25
  • Zuletzt bearbeitet 10.12.2024 19:51:08

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable attackers to invalidate a legitimate user's session and cause a denial-of-service attack on a user's account.