Clarification Regarding Security Vulnerabilities in Certain Reyee Products

Published on: December 4, 2024
Last Updated on: December 6, 2024
I. Summary
Some Reyee devices have vulnerabilities, including weak MQTT credentials and serial number (SN) leakage. Attackers can exploit these vulnerabilities to launch remote command injection attacks, potentially gaining control of the targeted devices. (Vulnerability ID: RJPSIRT-2024-12040)
The following Common Vulnerabilities and Exposures (CVE) IDs have been assigned to these vulnerabilities: CVE-2024-47547, CVE-2024-42494, CVE-2024-51727, CVE-2024-47043, CVE-2024-45722, CVE-2024-47791, CVE-2024-46874, CVE-2024-48874, CVE-2024-52324, and CVE-2024-47146.
II. Software Versions and Fixes
| Model | Affected Version | Fixed Version |
| --- | --- | --- |
| RG-EG210G-P, RG-EG210G-P-V3, RG-EG105G-V2, RG-EG105G-P-V2, RG-EG105G-V3, RG-EG105G-P-V3, RG-EG210G-E, RG-EG209GS, RG-EG305GH-P-E, RG-EG310GH-E, RG-EG310GH-P-E, RG-EG1510XS | Versions from ReyeeOS 1.206.0.2219 up to, but not including ReyeeOS 2.324.0.2328 | ReyeeOS 2.324.0.2328 and later |
| RG-NBS3100-8GT2SFP, RG-NBS3200-24GT4XS, RG-NBS3200-24GT4XS-P, RG-NBS3200-48GT4XS, RG-NBS3200-48GT4XS-P, RG-NBS3200-24SFP/8GT4XS, RG-NBS5200-48GT4XS, RG-NBS5200-24GT4XS, RG-NBS5200-24SFP/8GT4XS, RG-NBS5300-8MG2XS-UP, RG-NBS5100-48GT4SFP, RG-NBS5100-24GT4SFP, RG-NBS6002, RG-NBS7003, RG-NBS7006, RG-NBS3100-24GT4SFP-V2, RG-NBS3100-24GT4SFP-P-V2, RG-NBS3100-8GT2SFP-P-V2, RG-NIS3100-8GT4SFP-HP, RG-NIS3100-8GT2SFP-HP, RG-NIS3100-4GT2SFP-HP, RG-NBS3100-48GT4SFP-P, RG-NBS3300-8MG2XS-P, RG-NBS3300-16MG4XS-HP, RG-NBS5200-24GT4XS-P, RG-NBS5200-48GT4XS-UP, RG-NBS5100-24GT4SFP-P, RG-NBS5500-12XS | Versions from ReyeeOS 1.206.2123 up to, but not including ReyeeOS 2.324.0.2328 | ReyeeOS 2.324.0.2328 and later |
| RAP2200(E), RAP1201, RAP2200(F), RAP1200(F), RAP1200(P), RAP6202(G), RAP52-OD, RAP6262(G), RAP2260(G), RAP2260(E), RAP6260(G), RAP6262, RAP62-OD, RAP1260, RAP1261, RAP2260, RAP2266, RAP2260-V2, RAP2266-V2, RAP2260(H), RAP6260(H), RAP6260(H)-D, RAP73HD | Versions from ReyeeOS 1.206.0.2219 up to, but not including ReyeeOS 2.300.0.2328 | ReyeeOS 2.300.0.2328 and later |
| EG105GW-X, EG105GW(T) | Versions from ReyeeOS 1.206.0.2219 up to, but not including ReyeeOS 2.300.0.2403 | ReyeeOS 2.300.0.2403 and later |
| RAP72Pro-OD, RAP72-Wall, RAP72Pro | Versions earlier than ReyeeOS 2.301.0.2403 | ReyeeOS 2.301.0.2403 and later |
| RAP73Pro | Versions earlier than ReyeeOS 2.288.0.2328 | ReyeeOS 2.288.0.2328 and later |
| AITMETRO460G, AIRMETRO460F, AIRMETRO550G-B, EST100-E, EST350-V2, EST310-V2 | Versions earlier than AP_3.0(1)B11P300,Release(11240311) | AP_3.0(1)B11P300,Release(11240311) and later |
| APF1250 | Versions earlier than ReyeeOS 2.324.0.2403 | ReyeeOS 2.324.0.2403 and later |
| RG-NBF5200M-8FS16GT4XS, RG-NBF6002M, MF6000M-16FS8GT2XS, MF6000M-24GT2XS, MF6000M-16GT8SFP2XS | Versions earlier than ReyeeOS 2.324.0.2403 | ReyeeOS 2.324.0.2403 and later |
| REX12, EW300N, EW300-PRO, EW1200, EW1200G-PRO, EW1300G, EW1800GX-PRO, M18, EW3000GX, EW3000GX-PRO, E4, E5, M32, R6, EW3200GX-PRO, E6, EW7200BE-PRO | Versions earlier than ReyeeOS 1.313.2406 | ReyeeOS 1.313.2406 and later |
| EW300T | Versions earlier than ReyeeOS 1.310.2405 | ReyeeOS 1.310.2405 and later |
How to obtain the fixed version:
  1. Automatic Upgrade: For devices that support automatic upgrade, you will receive an upgrade prompt. Follow the prompt to install the fix.
  2. Manual Fix: You can download the fixed version directly from the official website of Ruijie Networks.
  3. Contact Support: Reach out to your local after-sales support team to obtain the fixed version.
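One way to apply the version ranges above to a device inventory, as an added example that is not Ruijie's code. It assumes a device reports its firmware as "ReyeeOS x.y.z" or "ReyeeOS x.y.z.w" and that versions order as dotted integers, which the advisory does not state; the ADVISORY rows are copied from the table, the inventory entries are constructed.

```python
import re

# Rows copied from the advisory table: model -> (first affected, first fixed).
# None as the lower bound encodes "Versions earlier than <fixed>".
ADVISORY = {
    "RG-EG210G-P": ("1.206.0.2219", "2.324.0.2328"),
    "RAP2200(E)": ("1.206.0.2219", "2.300.0.2328"),
    "RAP72Pro-OD": (None, "2.301.0.2403"),
    "RAP73Pro": (None, "2.288.0.2328"),
    "REX12": (None, "1.313.2406"),
}

def parse(version):
    """'ReyeeOS 2.324.0.2328' or '2.324.0.2328' -> (2, 324, 0, 2328)."""
    m = re.fullmatch(r"(?:ReyeeOS\s+)?(\d+(?:\.\d+)+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def classify(model, version):
    if model not in ADVISORY:
        return "not-listed"
    low, fixed = ADVISORY[model]
    v, fixed_t = parse(version), parse(fixed)
    if len(v) != len(fixed_t):
        # Assumption: the page gives no ordering between 3- and 4-part
        # version forms, so do not guess; flag for manual review.
        return "unknown"
    if v >= fixed_t:
        return "fixed"  # the upper bound itself is the fixed release
    if low is not None and v < parse(low):
        return "below-listed-range"  # older than the range the advisory lists
    return "affected"

# Constructed inventory for illustration.
INVENTORY = [
    ("RG-EG210G-P", "ReyeeOS 2.260.0.1500"),
    ("RG-EG210G-P", "ReyeeOS 2.324.0.2328"),
    ("RG-EG210G-P", "ReyeeOS 1.205.0.2100"),
    ("RAP73Pro", "ReyeeOS 2.280.0.2301"),
    ("REX12", "ReyeeOS 1.219.0.1916"),
]

def triage(inventory):
    return [(model, ver, classify(model, ver)) for model, ver in inventory]

if __name__ == "__main__":
    for row in triage(INVENTORY):
        print(*row, sep="\t")
```

Devices that come back as "unknown" or "below-listed-range" are not cleared by this check and need a manual comparison against the table.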
III. Vulnerability Scoring
Severity is rated according to the Common Vulnerability Scoring System (CVSS) v3.1. For more information, visit https://www.first.org/cvss/v3.1/specification-document.
1. CVE-2024-47547
CVSS3.1 Base Score: 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)
2. CVE-2024-42494
CVSS3.1 Base Score: 4.9 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
3. CVE-2024-51727
CVSS3.1 Base Score: 4.9 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
4. CVE-2024-47043
CVSS3.1 Base Score: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
5. CVE-2024-45722
CVSS3.1 Base Score: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
6. CVE-2024-47791
CVSS3.1 Base Score: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
7. CVE-2024-46874
CVSS3.1 Base Score: 7.5 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
8. CVE-2024-48874
CVSS3.1 Base Score: 7.5 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
9. CVE-2024-52324
CVSS3.1 Base Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
10. CVE-2024-47146
CVSS3.1 Base Score: 3.1 (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
IV. Temporary Fix
NONE
V. Source
The vulnerabilities were disclosed by Claroty Team82.
VI. Revision History
| Time | Description |
| --- | --- |
| December 4, 2024 | Initial release |
| December 6, 2024 | First update |
VII. Contact Us
Ruijie Networks makes its best efforts to protect the ultimate interests of users, follows the principle of responsible disclosure, and handles product security issues through its response mechanism.
To enjoy Ruijie Networks PSIRT services and obtain Ruijie Networks product vulnerability information, please visit https://www.ruijienetworks.com/support/securityBulletins.
To report a security vulnerability in Ruijie Networks products and solutions, please send it to PSIRT@ruijie.com.cn. For details, please visit https://www.ruijienetworks.com/support/securityBulletins/vulnerability_reporting.
You can contact us through the following channels:
Ruijie Networks Co., Ltd.
December 4, 2024
