Vulnerabilities in Ruijie Networks’ Cloud Platform May Allow Remote Attacks on 50,000 Devices

Global
Vulnerabilities in Ruijie Networks’ Cloud Platform May Allow Remote Attacks on 50,000 Devices

Published:

Written by: Staff Editor
spot_img

Major Vulnerabilities Discovered in Ruijie Networks Cloud Management Platform: A Call for Enhanced Cybersecurity Measures

Major Security Flaws Discovered in Ruijie Networks’ Cloud Management Platform

December 25, 2024 — Ravie Lakshmanan

Cybersecurity experts from Claroty have uncovered a series of alarming vulnerabilities within the cloud management platform of Ruijie Networks, potentially exposing thousands of users to critical cyber threats. The vulnerabilities specifically impact both the Reyee platform and Reyee OS network devices, allowing an attacker to exert control over tens of thousands of cloud-enabled devices.

In their recent security analysis, researchers Noam Moshe and Tomer Goldschmidt identified 10 distinct vulnerabilities, three of which have been categorized as critical. The most concerning flaws include a weak password recovery mechanism (CVE-2024-47547) and a Server-Side Request Forgery (SSRF) vulnerability (CVE-2024-48874), both of which have CVSS scores nearing the maximum of 10. Exploitation of these issues could lead malicious actors to execute arbitrary code on cloud-connected devices, with devastating consequences.

Additionally, the researchers described an innovative attack method dubbed "Open Sesame," allowing attackers to potentially gain unauthorized access by physically proximity hacking an access point. This technique exploits a device’s serial number to facilitate a range of attacks— including Denial-of-Service and unauthorized commands sent to devices.

Crucially, Ruijie Networks has taken prompt action to address these vulnerabilities, announcing that all identified flaws have been patched with no user intervention required. Approximately 50,000 devices connected to the cloud may have been vulnerable prior to the updates.

This discovery highlights ongoing vulnerabilities in Internet-of-Things (IoT) devices, particularly those with minimal security measures yet capable of inciting significant network attacks. In related news, PCAutomotive reported vulnerabilities in the MIB3 infotainment system in certain Skoda vehicles, further underscoring the urgent need for rigorous security evaluations across connected devices in our increasingly digital world.

spot_img

Related articles

Recent articles

Leaked iPhone Hacking Tool Hits Dark Web: Government Resource in the Hands of Cyber Criminals

Dark Watch
Cybersecurity Alert: Hacking Toolkit Coruna Falls into Criminal Hands In a troubling development, security researchers have revealed that a sophisticated hacking toolkit, initially linked to...
Read more

149 DDoS Attacks Target 110 Organizations Across 16 Countries in Wake of Middle East Conflict

Global
Surge in Hacktivist Activity Amid U.S.-Israel Military Actions Recent developments in cybersecurity have raised alarms among experts regarding a notable uptick in hacktivist operations. This...
Read more

Ajman Ruler Enacts Law for Managing Lost and Abandoned Property

Regional
New Law on Lost and Abandoned Property in Ajman Introduction of Law No. (2) of 2026 His Highness Sheikh Humaid bin Rashid Al Nuaimi, the Ruler...
Read more

Mobile Banking Evolution: Access Your CIBIL Score Instantly

Fact Check
New Delhi | The digital banking landscape in India is evolving at an astonishing pace, significantly altering how customers interact with their financial institutions....
Read more
Sign up to the Newsletter and never miss out on the latest news!
Join the Cyber Warriors community and get Insider Tips & Tricks to defend your digital assets.

© Cyberwarriorsmiddleeast.com