CVE-2024-47791
High
Published: 06 December 2024
Published
06 December 2024
Modified
10 December 2024
KEV Added
—
Patch
—
CVSS Score v4
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score
0.0021
43.3th percentile
Risk Priority
18
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2024-47791 is a high-severity Improper Neutralization of Wildcards or Matching Symbols (CWE-155) vulnerability in Ruijienetworks Reyee Os. Its CVSS base score is 8.7 (High).
Operationally, ranked at the 43.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-42837
Vulnerability details
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie MQTT broker, and receive partial messages being sent to and from devices.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
ruijienetworks
reyee os
2.206.0 — 2.320.0
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.