CVE-2024-46874
Ruijie Reyee OS Improper Handling of Insufficient Permissions or Privileges
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie's cloud.
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Ruijie · Reyee OSWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →