Ruijie’s Cloud Blunder: 50,000 Devices Open to Attack!

Vulnerabilities in the Reyee cloud management platform might let hackers waltz into tens of thousands of devices. With serial numbers as weak as a wet noodle, hackers could play “Open Sesame” with Ruijie devices, potentially triggering chaos. Claroty flagged 10 issues, including three critical, but Ruijie says they’ve fixed up nicely.

3P
Published: December 13, 2024 3:49 pmAdded: December 13, 2024 at 8:16 amAssembled by: The Editor
Pro Dashboard

Hot Take:

It seems Ruijie Networks may have taken the whole “cloud management” concept a bit too literally, allowing anyone with a knack for guessing sequential serial numbers to join the party. Who knew managing a network could be as easy as cracking a fortune cookie?

Key Points:

  • Reyee devices vulnerable due to weak MQTT authentication.
  • Serial numbers can be exploited for unauthorized access.
  • Attackers can perform denial-of-service and RCE attacks.
  • Critical vulnerabilities reported include CVE-2024-47547, CVE-2024-48874, and CVE-2024-52324.
  • Ruijie has patched the vulnerabilities, and no user action is required.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?