Cyber Resilience

CVE-2024-42936

CriticalPublic PoCRCE

Published: 21 January 2025

Published
21 January 2025
Modified
15 December 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0340 87.7th percentile
Risk Priority 22 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-42936 is a critical-severity Code Injection (CWE-94) vulnerability in Ruijie Reyee Os. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 12.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-42936 is a critical remote code execution (RCE) vulnerability (CVSS 3.1 score of 9.8) affecting the mqlink.elf service component in the Ruijie RG-EW300N router running ReyeeOS firmware version 1.300.1422. The flaw, classified under CWE-94 (code injection), arises from insufficient validation of MQTT broker messages, allowing attackers to inject and execute arbitrary code remotely. It was published on January 21, 2025.

An unauthenticated attacker with network access can exploit this vulnerability with low complexity and no user interaction required (AV:N/AC:L/PR:N/UI:N). Successful exploitation grants high-impact confidentiality, integrity, and availability compromise (C:H/I:H/A:H) through RCE, potentially enabling full device takeover, data exfiltration, or use as a pivot point in larger network attacks.

Advisories and mitigation details are available in the referenced GitHub gist (https://gist.github.com/smrx86/2008111b12ab47882b3928d0cbc9e415), which likely includes exploit proof-of-concept and further technical analysis. Practitioners should check for firmware updates from Ruijie and apply network segmentation or MQTT traffic filtering as interim measures.

EU & UK References

Vulnerability details

The mqlink.elf is service component in Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422 is vulnerable to Remote Code Execution via a modified MQTT broker message.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct unauthenticated RCE via insufficient input validation on exposed MQTT service component matches T1190 Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-56122Same product: Ruijie Rg-Ew300N
CVE-2025-56099Same product: Ruijie Reyee Os
CVE-2025-56083Same product: Ruijie Reyee Os
CVE-2025-13773Shared CWE-94
CVE-2025-50692Shared CWE-94
CVE-2026-30643Shared CWE-94
CVE-2026-30460Shared CWE-94
CVE-2025-71243Shared CWE-94
CVE-2026-44262Shared CWE-94
CVE-2024-13792Shared CWE-94

Affected Assets

ruijie
reyee os
1.300.1422

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-10 mandates information input validation at system entry points, directly addressing the insufficient validation of MQTT broker messages that enables remote code injection.

prevent

SI-2 requires identification, reporting, and correction of system flaws like this firmware vulnerability, preventing exploitation through timely patching.

prevent

SC-7 enforces boundary protection and monitoring of external interfaces, mitigating unauthenticated remote access by filtering or segmenting MQTT traffic to the vulnerable service.

References