The Ultimate Guide To Cybersecurity In The Real World. - Register Here
The Ultimate Guide To Cybersecurity In The Real World. - Register Here
Schedule a Consultation
Hoplon InfoSec Logo
  • Products
  • Services

Hoplon Infosec · Threat Intelligence

Flaws in Ruijie Network's Cloud Platform Could Put 50,000 Devices at Risk of Remote Attacks

ByHoplon Infosec
Published25 Dec, 2024
Flaws in Ruijie Network's Cloud Platform Could Put 50,000 Devices at Risk of Remote Attacks
Hoplon Infosec25 Dec, 2024

In a recent revelation, cybersecurity researchers have uncovered significant vulnerabilities in the cloud management platform developed by Ruijie Networks. These flaws, if exploited, could grant attackers control over network appliances, posing severe threats to organizations relying on these devices. The implications of these findings underscore the need for heightened vigilance in securing the Internet of Things (IoT) and cloud-enabled devices.

The Scope of the Vulnerabilities

According to Claroty researchers Noam Moshe and Tomer Goldschmidt, these vulnerabilities affect the Reyee platform and the Reyee OS network devices. “The vulnerabilities, if exploited, could allow a malicious attacker to execute code on any cloud-enabled device, giving them the ability to control tens of thousands of devices,” they stated in their analysis. Such access can lead to widespread disruption, data breaches, and unauthorized control over critical infrastructure.

The operational technology (OT) security company investigated Ruijie’s IoT solutions and identified 10 distinct security flaws. To demonstrate the potential risks, the researchers devised an attack dubbed “Open Sesame,” capable of breaching an access point in close physical proximity via the cloud and gaining unauthorized network access.

Highlights of the Critical Vulnerabilities

Of the 10 identified vulnerabilities, three have been rated as Critical in severity:

  1. CVE-2024-47547 (CVSS score: 9.4):

    • This vulnerability arises from a weak password recovery mechanism. Such a mechanism leaves the authentication process susceptible to brute force attacks, enabling attackers to compromise device security.

  2. CVE-2024-48874 (CVSS score: 9.8):

    • A server-side request forgery (SSRF) flaw can be exploited to access internal services used by Ruijie and its AWS-based cloud infrastructure. Attackers leveraging this flaw could disrupt cloud operations and access sensitive internal systems.

  3. CVE-2024-52324 (CVSS score: 9.8):

    • The use of an inherently dangerous function that allows attackers to send malicious MQTT messages, potentially leading to arbitrary operating system command execution on affected devices.

Breaking MQTT Authentication

Photo Credit: https://cedalo.com

One of the critical findings in Claroty’s research is the ease of bypassing MQTT authentication by knowing the device’s serial number (CVE-2024-45722, CVSS score: 7.5). Exploiting this flaw enables access to Ruijie’s MQTT broker, revealing a complete list of all cloud-connected devices’ serial numbers.

Using leaked serial numbers, attackers can:

  • Generate valid authentication credentials for all cloud-connected devices.

  • Perform denial-of-service (DoS) attacks by authenticating on behalf of devices and disconnecting them.

  • Send fabricated messages and events to the cloud, misleading device users.

  • Access all MQTT message queues to issue malicious commands that execute on cloud-connected devices.

This chain of vulnerabilities significantly escalates the risks associated with Ruijie’s cloud management platform.

Open Sesame: Exploiting Wi-Fi Networks

Another alarming aspect of the research involves exploiting physical proximity to Ruijie’s Wi-Fi networks. An attacker adjacent to a Wi-Fi network using Ruijie access points can:

  • Extract the device’s serial number by intercepting raw Wi-Fi beacons.

  • Leverage MQTT communication vulnerabilities to achieve remote code execution (CVE-2024-47146, CVSS score: 7.5).

The researchers highlighted the cascading effects of such an attack, where a single point of vulnerability can compromise a broader network of devices.

The Scale of Impact and Resolution

Before Ruijie Networks addressed these issues, approximately 50,000 cloud-connected devices were estimated to be vulnerable. Following responsible disclosure, the Chinese company implemented fixes, and no user action is required to mitigate the threats.

“This is another example of weaknesses in so-called internet-of-things devices such as wireless access points, routers, and other connected things that have a fairly low barrier to entry onto the device, yet enable much deeper network attacks,” the researchers emphasized.

Broader Implications for IoT Security

Discovering these vulnerabilities in Ruijie’s platform is not an isolated incident. It highlights systemic issues in the IoT ecosystem, where weak security mechanisms can lead to catastrophic outcomes. This incident aligns with similar findings by security firm PCAutomotive, which flagged 12 vulnerabilities in the MIB3 infotainment unit used in certain Skoda cars.

Vulnerabilities in Skoda’s MIB3 Infotainment Unit

The flaws in Skoda’s infotainment unit include:

  1. Code execution over Bluetooth.

  2. Privilege escalation to root.

  3. Bypassing secure boot for persistent code execution.

  4. Controlling the infotainment unit via DNS channels every time the car starts.

These vulnerabilities allow attackers to:

  • Track a car’s location in real time.

  • Record conversations via the in-car microphone.

  • Take screenshots of the infotainment display.

  • Exfiltrate contact information from the system.

Lessons Learned and Future Directions

The vulnerabilities in Ruijie’s platform and Skoda’s infotainment unit underline the critical need for robust security in IoT and cloud-enabled devices. Organizations and manufacturers must prioritize security from the design phase, ensuring:

  • Strong authentication mechanisms.

  • Regular vulnerability assessments.

  • Swift responses to reported flaws.

Moreover, users must remain vigilant about applying security updates and monitoring device behavior for anomalies.

Conclusion

Claroty and PCAutomotive’s findings are stark reminders of the growing risks in an interconnected world. As IoT adoption continues to surge, securing these devices is no longer optional but imperative. Collaboration between researchers, manufacturers, and users is essential to address these challenges and build a safer digital ecosystem.

Follow us on Twitter and LinkedIn to stay informed about the latest cybersecurity updates. Together, we can work towards a more secure future.

For More:

https://thehackernews.com/2024/12/ruijie-networks-cloud-platform-flaws.html

About the author

Hoplon Infosec

Hoplon Infosec

Was this useful?

React, leave a note, or share it forward.

Leave a note

Share this article

Share this :

Free · Weekly · No noise

Get the threats that matter, before they reach you.

One short email a week with the breaches, zero-days, and fixes worth your attention — written in plain English, no fear-mongering.

Hoplon InfoSec Logo
Address : 1415 West 22nd Street, Tower Floor, Oak Brook, IL 60523

Phone : +1 (773) 904-3136

Email : info@hoploninfosec.com

Services

  • Penetration Testing
  • Cyber Security Assessment
  • AI Development
  • Incident Readiness & Response Recovery

Products

  • IBM Flash Storage Solutions
  • Mobile Security
  • Endpoint Security
  • Deep and Dark Web Monitoring

Sign Up For Newsletter

Get the latest updates on new products and upcoming news

Copyright © Hoplon InfoSec, LLC and its group of companies.
About usContact usTerms & ConditionsCookie PolicyPrivacy Policy
03Latest posts

Keep reading.

SonicWall SMA1000 Zero-Day Vulnerabilities: Patch Now
15 Jul, 2026

SonicWall SMA1000 Zero-Day Vulnerabilities: Patch Now

SonicWall SMA1000 zero-day vulnerabilities are under active attack. See affected versions, CVE details, IOC checks and the patch you need right now.

Read More
Windows 11 KB5101650 Dell Issue: Causes and Full Fix Guide
15 Jul, 2026

Windows 11 KB5101650 Dell Issue: Causes and Full Fix Guide

Windows 11 KB5101650 is blocked on some Dell PCs after an Intel driver conflict triggered shutdowns and overheating. Here is what happened and what to do.

Read More
OFAC Sanctions First VPN Service Over Ransomware
14 Jul, 2026

OFAC Sanctions First VPN Service Over Ransomware

Learn why OFAC sanctioned First VPN Service and a malware cryptor seller, how 1VPNS helped ransomware groups, and how to defend against FSB router attacks.

Read More
CVE-2026-57807: Critical WordPress SSO Flaw Explained
13 Jul, 2026

CVE-2026-57807: Critical WordPress SSO Flaw Explained

CVE-2026-57807 affects miniOrange OAuth SSO through 38.5.8. Learn who is exposed, how the flaw works, plus safe mitigation and incident response steps.

Read More
Mobile App Security Guide: Risks, Fixes and Best Practices
13 Jul, 2026

Mobile App Security Guide: Risks, Fixes and Best Practices

Mobile app security explained simply, covering real risks, OWASP threats, encryption and practical steps to protect any app from hackers.

Read More
Apple OpenAI Lawsuit: Inside the Trade Secret Theft Claims
13 Jul, 2026

Apple OpenAI Lawsuit: Inside the Trade Secret Theft Claims

Apple OpenAI lawsuit explained. See what Apple accuses Tang Tan, Chang Liu and OpenAI of stealing, and what it means for hardware security.

Read More