← volver
CVE-2023-53881

ReyeeOS 1.204.1614 Man-in-the-Middle Remote Code Execution via CWMP

CVSS 9.2 CRITICALEPSS 0.3%CWE-319
ReyeeOS 1.204.1614 contains an unencrypted CWMP communication vulnerability that allows attackers to intercept and manipulate device communication through a man-in-the-middle attack. Attackers can create a fake CWMP server to inject and execute arbitrary commands on Ruijie Reyee Cloud devices by exploiting the unprotected HTTP polling requests.
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
Ruijie · ReyeeOS

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://ruijienetworks.comhttps://www.exploit-db.com/exploits/51642https://www.vulncheck.com/advisories/reyeeos-man-in-the-middle-remote-code-execution-via-cwmp