CVE-2024-46874
Published: 06 December 2024
Summary
CVE-2024-46874 is a critical-severity Improper Handling of Insufficient Permissions or Privileges (CWE-280) vulnerability in Ruijie Networks Reyee OS. Its CVSS base score is 9.2 (Critical).
Operationally, it ranks at the 29.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-42180
Vulnerability details
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie's cloud.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.