CVE-2024-42936
Published: 21 January 2025
Summary
CVE-2024-42936 is a critical-severity Code Injection (CWE-94) vulnerability in Ruijie ReyeeOS. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 12.3% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-42936 is a critical remote code execution (RCE) vulnerability (CVSS 3.1 score of 9.8) affecting the mqlink.elf service component in the Ruijie RG-EW300N router running ReyeeOS firmware version 1.300.1422. The flaw, classified under CWE-94 (code injection), arises from insufficient validation of MQTT broker messages, allowing attackers to inject and execute arbitrary code remotely. It was published on January 21, 2025.
An unauthenticated attacker with network access can exploit this vulnerability with low complexity and no user interaction required (AV:N/AC:L/PR:N/UI:N). Successful exploitation grants high-impact confidentiality, integrity, and availability compromise (C:H/I:H/A:H) through RCE, potentially enabling full device takeover, data exfiltration, or use as a pivot point in larger network attacks.
Advisories and mitigation details are available in the referenced GitHub gist (https://gist.github.com/smrx86/2008111b12ab47882b3928d0cbc9e415), which likely includes exploit proof-of-concept and further technical analysis. Practitioners should check for firmware updates from Ruijie and apply network segmentation or MQTT traffic filtering as interim measures.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-39451
Vulnerability details
The mqlink.elf service component in Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422 is vulnerable to Remote Code Execution via a modified MQTT broker message.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct unauthenticated RCE via insufficient input validation on the exposed MQTT service component matches T1190 (Exploit Public-Facing Application).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
SI-10 mandates information input validation at system entry points, directly addressing the insufficient validation of MQTT broker messages that enables remote code injection.
SI-2 requires identification, reporting, and correction of system flaws like this firmware vulnerability, preventing exploitation through timely patching.
SC-7 enforces boundary protection and monitoring of external interfaces, mitigating unauthenticated remote access by filtering or segmenting MQTT traffic to the vulnerable service.