OTPulse

Ruijie Reyee OS (Update A)

Act Now | 9.8 | ICS-CERT ICSA-24-338-01 | Dec 3, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Multiple vulnerabilities in Reyee OS versions 2.206.x through 2.319.x allow unauthenticated remote attackers to gain near-complete control over affected devices through improper credential handling, access control bypasses, and insecure deserialization. Ruijie reports the issues have been fixed on their cloud infrastructure, but no firmware patch is available for on-premises deployments. Affected CWEs include hardcoded credentials (CWE-798), sensitive data exposure (CWE-359), improper authorization (CWE-826), and unsafe deserialization (CWE-918).

What this means
What could happen
An attacker who gains access to a Reyee OS device could execute arbitrary commands and take near-complete control, potentially altering network routing, configuration, or security policies for any connected infrastructure.
Who's at risk
Network administrators operating Reyee routing or switching equipment (particularly in edge networks or branch sites) running OS versions 2.206.x through 2.319.x should prioritize defensive measures, as compromise could allow attackers to redirect traffic, access other systems, or intercept communications.
How it could be exploited
An attacker with network access to a Reyee OS device (versions 2.206.x through 2.319.x) running the affected firmware can exploit multiple vulnerabilities related to credential exposure, improper access controls, and insecure deserialization to gain unauthenticated command execution and device control.
Prerequisites
  • Network access to the Reyee OS device
  • Device running vulnerable firmware version 2.206.x to 2.319.x
  • No authentication credentials required
  • Remotely exploitable without authentication
  • Low complexity attack
  • Near-complete device compromise possible
  • Affects network infrastructure security
  • No patch available from vendor
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
  • Product: Reyee OS: >=2.206.x|<2.320.x
  • Affected Versions: ≥ 2.206.x|<2.320.x
  • Fix Status: No fix (EOL)
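
An added Python example (not part of the advisory and not vendor tooling) that parses the range expression from the affected-products entry above and sorts an inventory of firmware versions into affected, outside-range, or needing manual review. The hostnames and version strings are constructed, and reading `x` as a wildcard on the third component and `|` as joining a lower and an upper bound is an assumption about the entry's notation.

```python
import operator
import re

# Range expression as written in the advisory's affected-products entry.
AFFECTED = ">=2.206.x|<2.320.x"

_OPS = {">=": operator.ge, "<=": operator.le, ">": operator.gt, "<": operator.lt}
_BOUND = re.compile(r"^\s*(>=|<=|>|<|≥|≤)\s*(\d+)\.(\d+)(?:\.(?:x|\d+))*\s*$")
_VERSION = re.compile(r"(\d+)\.(\d+)(?:\.\d+)*")


def parse_range(expr):
    """Turn 'op major.minor.x' bounds joined by '|' into (op, (major, minor)) pairs."""
    bounds = []
    for part in expr.split("|"):
        m = _BOUND.match(part)
        if not m:
            raise ValueError(f"unrecognised bound: {part!r}")
        op = {"≥": ">=", "≤": "<="}.get(m.group(1), m.group(1))
        bounds.append((op, (int(m.group(2)), int(m.group(3)))))
    return bounds


def classify(version_text, bounds):
    """Return 'affected', 'outside-range', or 'review' (version could not be read)."""
    m = _VERSION.search(version_text or "")
    if not m:
        return "review"  # never assume an unreadable version is safe
    v = (int(m.group(1)), int(m.group(2)))  # third component is a wildcard
    return "affected" if all(_OPS[op](v, b) for op, b in bounds) else "outside-range"


def triage(inventory, expr=AFFECTED):
    """Map each host in (host, version) pairs to its classification."""
    bounds = parse_range(expr)
    return {host: classify(ver, bounds) for host, ver in inventory}


# Constructed inventory: hostnames and version strings are illustrative only.
SAMPLE_INVENTORY = [
    ("branch-gw-01", "2.206.0"),
    ("branch-gw-02", "ReyeeOS 2.260.0.1510"),
    ("edge-sw-07", "2.320.1"),
    ("edge-sw-08", "2.205.9"),
    ("lab-ap-03", ""),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:14} {status}")
```

Devices that come back as `review` have no readable version and should be checked by hand before being treated as unaffected.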
Remediation & Mitigation
Do now
  • HARDENING: Implement firewall rules to restrict network access to Reyee OS devices, ensuring they are not reachable from the internet or untrusted networks
  • HARDENING: Isolate Reyee OS devices from business networks using network segmentation or a DMZ
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: If remote access to Reyee OS devices is required, use a VPN with current security patches and strong authentication
  • HARDENING: Monitor Reyee OS devices for suspicious configuration changes or unauthorized access attempts