Описание
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie's cloud.
Ссылки
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия от 2.206.0 (включая) до 2.320.0 (исключая)
cpe:2.3:o:ruijienetworks:reyee_os:*:*:*:*:*:*:*:*
EPSS
Процентиль: 29%
0.00108
Низкий
8.1 High
CVSS3
9.9 Critical
CVSS3
Дефекты
CWE-280
Связанные уязвимости
CVSS3: 8.1
github
около 1 года назад
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie's cloud.
CVSS3: 8.1
fstec
около 1 года назад
Уязвимость брокера MQTT операционной системы Ruijie Reyee OS, позволяющая нарушителю выполнить произвольные команды
EPSS
Процентиль: 29%
0.00108
Низкий
8.1 High
CVSS3
9.9 Critical
CVSS3
Дефекты
CWE-280