Vulnerabilities in Ruijie Networks’ Cloud Platform May Allow Remote Attacks on 50,000 Devices

Global
Vulnerabilities in Ruijie Networks’ Cloud Platform May Allow Remote Attacks on 50,000 Devices

Published:

Written by: Staff Editor
spot_img

Major Vulnerabilities Discovered in Ruijie Networks Cloud Management Platform: A Call for Enhanced Cybersecurity Measures

Major Security Flaws Discovered in Ruijie Networks’ Cloud Management Platform

December 25, 2024 — Ravie Lakshmanan

Cybersecurity experts from Claroty have uncovered a series of alarming vulnerabilities within the cloud management platform of Ruijie Networks, potentially exposing thousands of users to critical cyber threats. The vulnerabilities specifically impact both the Reyee platform and Reyee OS network devices, allowing an attacker to exert control over tens of thousands of cloud-enabled devices.

In their recent security analysis, researchers Noam Moshe and Tomer Goldschmidt identified 10 distinct vulnerabilities, three of which have been categorized as critical. The most concerning flaws include a weak password recovery mechanism (CVE-2024-47547) and a Server-Side Request Forgery (SSRF) vulnerability (CVE-2024-48874), both of which have CVSS scores nearing the maximum of 10. Exploitation of these issues could lead malicious actors to execute arbitrary code on cloud-connected devices, with devastating consequences.

Additionally, the researchers described an innovative attack method dubbed "Open Sesame," allowing attackers to potentially gain unauthorized access by physically proximity hacking an access point. This technique exploits a device’s serial number to facilitate a range of attacks— including Denial-of-Service and unauthorized commands sent to devices.

Crucially, Ruijie Networks has taken prompt action to address these vulnerabilities, announcing that all identified flaws have been patched with no user intervention required. Approximately 50,000 devices connected to the cloud may have been vulnerable prior to the updates.

This discovery highlights ongoing vulnerabilities in Internet-of-Things (IoT) devices, particularly those with minimal security measures yet capable of inciting significant network attacks. In related news, PCAutomotive reported vulnerabilities in the MIB3 infotainment system in certain Skoda vehicles, further underscoring the urgent need for rigorous security evaluations across connected devices in our increasingly digital world.

spot_img

Related articles

Recent articles

Webinar: Uncovering Suspicious APK Files in Wedding Card and Loan App Scams

Fact Check
The surge of malicious APK files in cyber fraud schemes, such as fake wedding invitations and instant loan applications, has become a growing concern....
Read more

Skylon Partners with COBNB to Launch COBNB+ Featuring L’Occitane en Provence Hotel Amenities

Regional
Skylon Partners with COBNB for a Luxurious Hospitality Experience in Kuala Lumpur Introduction to the New Partnership In an exciting development for the hospitality scene in...
Read more

Understanding CISA KEV: Key Insights and Tools for Security Teams

Resources
Understanding the CISA Known Exploited Vulnerability (KEV) Catalog The Cybersecurity and Infrastructure Security Agency (CISA) maintains the Known Exploited Vulnerability (KEV) catalog, a resource designed...
Read more

Dark Web Leak Sparks WFH Job Scams; Prayagraj Police Freeze ₹2 Crore in Fraudulent Funds

Dark Watch
Rising Cybercrime in Prayagraj: A New Target Shifting Tactics of Cybercriminals In Prayagraj, the landscape of cybercrime is evolving. Previously, scammers predominantly targeted victims through enticing...
Read more
Sign up to the Newsletter and never miss out on the latest news!
Join the Cyber Warriors community and get Insider Tips & Tricks to defend your digital assets.

© Cyberwarriorsmiddleeast.com