CVE-2024-46874

Summary

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie's cloud.

Affected Software

VendorProductVersion RangeStatus
RuijieReyee OS2.206.x < 2.320.xaffected

Weaknesses

  • CWE-280: CWE-280

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References