In December 2024, cybersecurity researchers from Claroty uncovered critical vulnerabilities in Ruijie Networks’ Reyee cloud management platform and Reyee OS network devices. These flaws could have allowed attackers to remotely execute code, potentially compromising approximately 50,000 cloud-connected devices.
Key Vulnerabilities Identified:
- CVE-2024-47547: A weak password recovery mechanism susceptible to brute-force attacks.
- CVE-2024-48874: A server-side request forgery (SSRF) vulnerability enabling unauthorized access to internal services via AWS cloud metadata.
- CVE-2024-52324: An unsafe function allowing malicious MQTT messages to execute arbitrary OS commands on devices.
Additionally, the “Open Sesame” attack was identified, where an attacker in close proximity could exploit these vulnerabilities to gain unauthorized network access. Claroty
Upon responsible disclosure, Ruijie Networks promptly addressed these issues. The company implemented fixes within their cloud infrastructure, ensuring that no user action is required. To date, there have been no reports of these vulnerabilities being exploited in the wild.
This incident underscores the importance of robust security measures in IoT devices and cloud platforms. Organizations are advised to stay informed about potential vulnerabilities and ensure their devices receive timely updates to mitigate security risks.
For detailed technical insights, refer to Claroty’s comprehensive analysis.
