Filtered by vendor Ruijienetworks
Subscribe
Total
20 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-47547 | 1 Ruijienetworks | 1 Reyee Os | 2024-12-10 | N/A | 9.4 CRITICAL |
| Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for its users to change their passwords which leaves authentication vulnerable to brute force attacks. | |||||
| CVE-2024-51727 | 1 Ruijienetworks | 1 Reyee Os | 2024-12-10 | N/A | 6.5 MEDIUM |
| Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable attackers to invalidate a legitimate user's session and cause a denial-of-service attack on a user's account. | |||||
| CVE-2024-45722 | 1 Ruijienetworks | 1 Reyee Os | 2024-12-10 | N/A | 7.5 HIGH |
| Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses weak credential mechanism that could allow an attacker to easily calculate MQTT credentials. | |||||
| CVE-2024-46874 | 1 Ruijienetworks | 1 Reyee Os | 2024-12-10 | N/A | 8.1 HIGH |
| Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie's cloud. | |||||
| CVE-2024-47146 | 1 Ruijienetworks | 1 Reyee Os | 2024-12-10 | N/A | 6.5 MEDIUM |
| Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the devices serial number if physically adjacent and sniffing the RAW WIFI signal. | |||||
| CVE-2024-47791 | 1 Ruijienetworks | 1 Reyee Os | 2024-12-10 | N/A | 7.5 HIGH |
| Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie MQTT broker, and receive partial messages being sent to and from devices. | |||||
| CVE-2024-48874 | 1 Ruijienetworks | 1 Reyee Os | 2024-12-10 | N/A | 9.8 CRITICAL |
| Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata services. | |||||
| CVE-2024-52324 | 1 Ruijienetworks | 1 Reyee Os | 2024-12-10 | N/A | 9.8 CRITICAL |
| Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands. | |||||
| CVE-2024-42494 | 1 Ruijienetworks | 1 Reyee Os | 2024-12-10 | N/A | 6.5 MEDIUM |
| Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a a feature that could enable sub accounts or attackers to view and exfiltrate sensitive information from all cloud accounts registered to Ruijie's services | |||||
| CVE-2024-47043 | 1 Ruijienetworks | 1 Reyee Os | 2024-12-10 | N/A | 7.5 HIGH |
| Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to correlate a device serial number and the user's phone number and part of the email address. | |||||
| CVE-2023-3608 | 1 Ruijienetworks | 2 Bcr810w, Bcr810w Firmware | 2024-11-21 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in Ruijie BCR810W 2.5.10. It has been rated as critical. This issue affects some unknown processing of the component Tracert Page. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-233477 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2022-33128 | 1 Ruijienetworks | 2 Rg-eg350, Rg-eg350 Firmware | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| RG-EG series gateway EG350 EG_RGOS 11.1(6) was discovered to contain a SQL injection vulnerability via the function get_alarmAction at /alarm_pi/alarmService.php. | |||||
| CVE-2022-27983 | 1 Ruijienetworks | 2 Rg-nbr2100g-e, Rg-nbr2100g-e Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain an arbitrary file read vulnerability via the url parameter in check.php. | |||||
| CVE-2022-27982 | 1 Ruijienetworks | 2 Rg-nbr2100g-e, Rg-nbr2100g-e Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain a remote code execution (RCE) vulnerability via the fileName parameter at /guest_auth/cfg/upLoadCfg.php. | |||||
| CVE-2021-43164 | 1 Ruijienetworks | 6 Reyeeos, Rg-ew1200, Rg-ew1200g Pro and 3 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the updateVersion function in /cgi-bin/luci/api/wireless. | |||||
| CVE-2021-43163 | 1 Ruijienetworks | 6 Reyeeos, Rg-ew1200, Rg-ew1200g Pro and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the checkNet function in /cgi-bin/luci/api/auth. | |||||
| CVE-2021-43162 | 1 Ruijienetworks | 6 Reyeeos, Rg-ew1200, Rg-ew1200g Pro and 3 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the runPackDiagnose function in /cgi-bin/luci/api/diagnose. | |||||
| CVE-2021-43161 | 1 Ruijienetworks | 6 Reyeeos, Rg-ew1200, Rg-ew1200g Pro and 3 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the doSwitchApi function in /cgi-bin/luci/api/switch. | |||||
| CVE-2021-43160 | 1 Ruijienetworks | 6 Reyeeos, Rg-ew1200, Rg-ew1200g Pro and 3 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the switchFastDhcp function in /cgi-bin/luci/api/diagnose. | |||||
| CVE-2021-43159 | 1 Ruijienetworks | 6 Reyeeos, Rg-ew1200, Rg-ew1200g Pro and 3 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the setSessionTime function in /cgi-bin/luci/api/common.. | |||||