Approved changes feed: RSS · Atom
cpe:2.3:o:ruijienetworks:reyee_os:*:*:*:*:*:*:*:*
part: o version: * update: *
| Vendor | Ruijienetworks (4d5de9b2-42a2-590c-b1bb-1ff02f78958d) |
|---|---|
| Product | Reyee Os (532af305-7bde-5133-b01b-45b594b1522b) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-52324 |
vulnerable | 2026-06-03 14:57:29.058347 |
Ruijie Reyee OS Use of Inherently Dangerous Function
CRITICAL (9.8)
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands.
Published: 2024-12-06T18:25:06.031Z
Updated: 2024-12-06T20:24:31.142Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-51727 |
vulnerable | 2026-06-03 14:57:26.592475 |
Ruijie Reyee OS Premature Release of Resource During Expected Lifetime
MEDIUM (6.5)
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable attackers to invalidate a legitimate user's session and cause a denial-of-service attack on a user's account.
Published: 2024-12-06T18:10:06.232Z
Updated: 2024-12-06T20:25:37.520Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-48874 |
vulnerable | 2026-06-03 14:57:10.725841 |
Ruijie Reyee OS Server-Side Request Forgery
CRITICAL (9.8)
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata services.
Published: 2024-12-06T18:22:15.725Z
Updated: 2024-12-06T20:39:47.635Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-47791 |
vulnerable | 2026-06-03 14:57:02.305866 |
Ruijie Reyee OS Improper Neutralization of Wildcards or Matching Symbols
HIGH (7.5)
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie MQTT broker, and receive partial messages being sent to and from devices.
Published: 2024-12-06T18:16:07.652Z
Updated: 2024-12-06T20:40:14.508Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-47547 |
vulnerable | 2026-06-03 14:57:01.711909 |
Ruijie Reyee OS Weak Password Recovery Mechanism for Forgotten Password
CRITICAL (9.4)
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for its users to change their passwords which leaves authentication vulnerable to brute force attacks.
Published: 2024-12-06T18:00:24.657Z
Updated: 2024-12-06T20:41:43.823Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-47146 |
vulnerable | 2026-06-03 14:57:00.757271 |
Ruijie Reyee OS Resource Leak
MEDIUM (6.5)
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the devices serial number if physically adjacent and sniffing the RAW WIFI signal.
Published: 2024-12-06T18:27:15.848Z
Updated: 2024-12-06T20:21:34.147Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-47043 |
vulnerable | 2026-06-03 14:57:00.514316 |
Ruijie Reyee OS Insecure Storage of Sensitive Information
HIGH (7.5)
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to correlate a device serial number and the user's phone number and part of the email address.
Published: 2024-12-06T18:12:13.447Z
Updated: 2024-12-06T20:41:32.985Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-46874 |
vulnerable | 2026-06-03 14:57:00.015690 |
Ruijie Reyee OS Improper Handling of Insufficient Permissions or Privileges
HIGH (8.1)
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie's cloud.
Published: 2024-12-06T18:18:23.553Z
Updated: 2024-12-06T20:39:58.690Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45722 |
vulnerable | 2026-06-03 14:56:58.578858 |
Ruijie Reyee OS Use of Weak Credentials
HIGH (7.5)
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses weak credential mechanism that could allow an attacker to easily calculate MQTT credentials.
Published: 2024-12-06T18:13:43.763Z
Updated: 2024-12-06T20:40:23.216Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-42494 |
vulnerable | 2026-06-03 14:56:42.752328 |
Ruijie Reyee OS Exposure of Private Personal Information to an Unauthorized Actor
MEDIUM (6.5)
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a a feature that could enable sub accounts or attackers to view and exfiltrate sensitive information from all cloud accounts registered to Ruijie's services
Published: 2024-12-06T18:05:35.351Z
Updated: 2024-12-06T20:25:52.000Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.