Описание
ReyeeOS 1.204.1614 contains an unencrypted CWMP communication vulnerability that allows attackers to intercept and manipulate device communication through a man-in-the-middle attack. Attackers can create a fake CWMP server to inject and execute arbitrary commands on Ruijie Reyee Cloud devices by exploiting the unprotected HTTP polling requests.
Ссылки
- ProductBroken Link
- Exploit
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:o:ruijienetworks:reyee_os:1.204.1614:*:*:*:*:*:*:*
EPSS
Процентиль: 12%
0.00039
Низкий
8.1 High
CVSS3
Дефекты
CWE-319
Связанные уязвимости
CVSS3: 8.1
github
около 2 месяцев назад
ReyeeOS 1.204.1614 contains an unencrypted CWMP communication vulnerability that allows attackers to intercept and manipulate device communication through a man-in-the-middle attack. Attackers can create a fake CWMP server to inject and execute arbitrary commands on Ruijie Reyee Cloud devices by exploiting the unprotected HTTP polling requests.
EPSS
Процентиль: 12%
0.00039
Низкий
8.1 High
CVSS3
Дефекты
CWE-319