Cybersecurity experts have uncovered serious security issues in the cloud management platform and network devices developed by Ruijie Networks, sparking concerns about the safety of tens of thousands of devices globally. The vulnerabilities, which affect both the Reyee platform and Reyee OS-powered devices, could allow attackers to gain control over connected network appliances.
According to researchers from the security firm Claroty, the flaws provide an avenue for hackers to exploit the platform, potentially compromising an array of cloud-connected devices. “These vulnerabilities could allow a malicious attacker to execute code on any cloud-enabled device,” said Claroty researchers Noam Moshe and Tomer Goldschmidt in their detailed analysis.
Critical Vulnerabilities Identified
Of the ten security flaws discovered, three have been classified as critical, each with a Common Vulnerability Scoring System (CVSS) score above 9.0. Here’s a closer look:
- CVE-2024-47547 (CVSS 9.4): A weak password recovery mechanism leaves authentication susceptible to brute force attacks. This could allow attackers to bypass security measures and gain unauthorized access.
- CVE-2024-48874 (CVSS 9.8): A server-side request forgery (SSRF) vulnerability could give hackers access to Ruijie’s internal cloud services, leveraging AWS metadata services for exploitation.
- CVE-2024-52324 (CVSS 9.8): An unsafe MQTT messaging function could enable attackers to send harmful commands, executing arbitrary operating system code on devices.
Exploiting Weaknesses in MQTT Authentication
Researchers also highlighted a significant flaw in the MQTT authentication system (CVE-2024-45722, CVSS 7.5). By simply knowing a device’s serial number, an attacker could:
- Break authentication protocols.
- Gain access to Ruijie’s MQTT broker.
- Retrieve a list of serial numbers for all cloud-connected devices.
This access opens the door for further attacks, including denial-of-service (DoS) exploits, false data injection, and the execution of malicious commands on all affected devices. Claroty emphasized the potential scale of these attacks, as hackers could disrupt or manipulate thousands of devices simultaneously.
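The weakness described above, as an added defensive sketch that is not Ruijie's or Claroty's code: a broker-side check where the credential is a function of the serial number, next to one that uses a random per-device secret and a per-client topic ACL. The derivation in `weak_password`, the `devices/<serial>/...` topic layout, and the serial numbers are assumptions made for illustration; the page does not describe the real scheme.

```python
import hashlib
import hmac
import secrets

# Constructed model: serial -> SHA-256 of a random secret issued at provisioning.
DEVICE_SECRETS = {}


def provision(serial: str) -> str:
    """Issue a random per-device secret; nothing about it derives from the serial."""
    secret = secrets.token_hex(32)
    DEVICE_SECRETS[serial] = hashlib.sha256(secret.encode()).digest()
    return secret


def weak_password(serial: str) -> str:
    """Hypothetical weak scheme: the credential is a public function of the serial."""
    return hashlib.sha256(serial.encode()).hexdigest()


def weak_auth(serial: str, password: str) -> bool:
    """Accepts anyone who knows the serial, because they can recompute the password."""
    return hmac.compare_digest(password.encode(), weak_password(serial).encode())


def strong_auth(serial: str, password: str) -> bool:
    """Accepts only the provisioned secret, compared in constant time."""
    stored = DEVICE_SECRETS.get(serial)
    if stored is None:
        return False
    offered = hashlib.sha256(password.encode()).digest()
    return hmac.compare_digest(offered, stored)


def topic_allowed(serial: str, topic_filter: str) -> bool:
    """ACL: a client may only use topics under devices/<its own serial>/.

    Wildcards are permitted below that prefix, so 'devices/+/status' and '#'
    are rejected and one client cannot enumerate other devices' serials.
    """
    levels = topic_filter.split("/")
    return len(levels) >= 3 and levels[0] == "devices" and levels[1] == serial


if __name__ == "__main__":
    sn = "SN-CONSTRUCTED-0001"  # constructed sample serial
    issued = provision(sn)
    print("weak scheme accepts serial-derived password:", weak_auth(sn, weak_password(sn)))
    print("strong scheme accepts it:", strong_auth(sn, weak_password(sn)))
    print("strong scheme accepts issued secret:", strong_auth(sn, issued))
    print("wildcard subscribe allowed:", topic_allowed(sn, "devices/+/status"))
```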
The “Open Sesame” Attack and Physical Proximity Risks
One particularly alarming discovery is the “Open Sesame” attack (CVE-2024-47146, CVSS 7.5). This exploit enables an attacker physically near a Wi-Fi network using Ruijie access points to extract device serial numbers from intercepted raw Wi-Fi beacons. Once the serial number is obtained, it can be used to exploit other vulnerabilities, such as remote code execution via MQTT communication.
Broader Implications for IoT Device Security
Approximately 50,000 cloud-connected devices were potentially impacted before Ruijie Networks issued fixes for the vulnerabilities. Users do not need to take any action, as the patches were applied directly to the cloud platform. However, this incident highlights the broader risks associated with IoT devices.
“This is yet another reminder of the weak points in IoT devices, like routers and wireless access points, which provide attackers with a way into deeper network infrastructure,” the Claroty researchers warned.
Similar Threats in Automotive Infotainment Systems
This revelation comes amid a separate disclosure by PCAutomotive, a security firm that identified 12 vulnerabilities in the MIB3 infotainment unit used in Skoda vehicles. These flaws allow hackers to:
- Execute code over Bluetooth.
- Track cars in real time.
- Record conversations using in-car microphones.
- Extract contact information.
The Skoda vulnerabilities add to nine previously disclosed issues, demonstrating the ongoing challenges in securing connected technologies in diverse sectors.
Table: Summary of Key Vulnerabilities
| Vulnerability ID | CVSS Score | Impact |
|---|---|---|
| CVE-2024-47547 | 9.4 | Weak password recovery mechanism, vulnerable to brute force attacks. |
| CVE-2024-48874 | 9.8 | SSRF vulnerability, access to internal cloud services. |
| CVE-2024-52324 | 9.8 | Unsafe MQTT messaging, enabling arbitrary command execution. |
| CVE-2024-45722 | 7.5 | Broken MQTT authentication with serial number exploitation. |
| CVE-2024-47146 | 7.5 | Physical proximity exploit leading to remote code execution. |
The growing number of vulnerabilities in IoT devices and connected systems underscores the need for robust security protocols. As researchers continue to uncover flaws, companies must prioritize timely fixes to safeguard users against evolving threats.