Vulnerabilities in Ruijie Networks’ Cloud Platform May Allow Remote Attacks on 50,000 Devices

Published:

spot_img

Major Vulnerabilities Discovered in Ruijie Networks Cloud Management Platform: A Call for Enhanced Cybersecurity Measures

Major Security Flaws Discovered in Ruijie Networks’ Cloud Management Platform

December 25, 2024 — Ravie Lakshmanan

Cybersecurity experts from Claroty have uncovered a series of alarming vulnerabilities within the cloud management platform of Ruijie Networks, potentially exposing thousands of users to critical cyber threats. The vulnerabilities specifically impact both the Reyee platform and Reyee OS network devices, allowing an attacker to exert control over tens of thousands of cloud-enabled devices.

In their recent security analysis, researchers Noam Moshe and Tomer Goldschmidt identified 10 distinct vulnerabilities, three of which have been categorized as critical. The most concerning flaws include a weak password recovery mechanism (CVE-2024-47547) and a Server-Side Request Forgery (SSRF) vulnerability (CVE-2024-48874), both of which have CVSS scores nearing the maximum of 10. Exploitation of these issues could lead malicious actors to execute arbitrary code on cloud-connected devices, with devastating consequences.

Additionally, the researchers described an innovative attack method dubbed "Open Sesame," allowing attackers to potentially gain unauthorized access by physically proximity hacking an access point. This technique exploits a device’s serial number to facilitate a range of attacks— including Denial-of-Service and unauthorized commands sent to devices.

Crucially, Ruijie Networks has taken prompt action to address these vulnerabilities, announcing that all identified flaws have been patched with no user intervention required. Approximately 50,000 devices connected to the cloud may have been vulnerable prior to the updates.

This discovery highlights ongoing vulnerabilities in Internet-of-Things (IoT) devices, particularly those with minimal security measures yet capable of inciting significant network attacks. In related news, PCAutomotive reported vulnerabilities in the MIB3 infotainment system in certain Skoda vehicles, further underscoring the urgent need for rigorous security evaluations across connected devices in our increasingly digital world.

spot_img

Related articles

Recent articles

Attackers Exploit Spoofed OAuth Client IDs to Stealthily Enumerate Credentials at Scale

Attackers Exploit Spoofed OAuth Client IDs to Stealthily Enumerate Credentials at Scale Recent investigations by cybersecurity researchers have unveiled a series of sophisticated campaigns where...

AI Management Emerges as a Crucial Priority Over Development, Asserts UiPath Executive

AI Management Emerges as a Crucial Priority Over Development, Asserts UiPath Executive As organizations in the UAE and Saudi Arabia advance in their artificial intelligence...

Digital Forensics Strengthens Case Against Jason Cunningham in £113,000 Property Investment Fraud

Digital Forensics Strengthens Case Against Jason Cunningham in £113,000 Property Investment Fraud A significant property investment fraud case in the United Kingdom has highlighted the...

CISA Issues Critical Lessons Following Six-Month GitHub Data Leak

CISA Issues Critical Lessons Following Six-Month GitHub Data Leak The Cybersecurity and Infrastructure Security Agency (CISA) has released a detailed postmortem regarding a significant data...