CVE-2024-46874: Ruijie Reyee OS Improper Handling of Insufficient Permissions or Privileges

8.1 CVSS

Description

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie's cloud.

Classification

CVE ID: CVE-2024-46874

CVSS Base Severity: HIGH

CVSS Base Score: 8.1

Affected Products

Vendor: Ruijie

Product: Reyee OS

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 21.56% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01

Timeline

2024-12-07 00:31:23 UTC
CVE

Ruijie Reyee OS Improper Handling of Insufficient Permissions or Privileges