Metrics
Affected Vendors & Products
Solution
Ruijie reports that the issues have been fixed on the cloud and no action is needed by end users. However, CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: * Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 . * Locate control system networks and remote devices behind firewalls and isolating them from business networks. * When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.
Workaround
No workaround given by the vendor.
Sat, 12 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|
Tue, 10 Dec 2024 20:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Ruijienetworks
Ruijienetworks reyee Os |
|
CPEs | cpe:2.3:o:ruijienetworks:reyee_os:*:*:*:*:*:*:*:* | |
Vendors & Products |
Ruijienetworks
Ruijienetworks reyee Os |
Fri, 06 Dec 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Ruijie
Ruijie reyee Os |
|
CPEs | cpe:2.3:o:ruijie:reyee_os:*:*:*:*:*:*:*:* | |
Vendors & Products |
Ruijie
Ruijie reyee Os |
|
Metrics |
ssvc
|
Fri, 06 Dec 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands. | |
Title | Ruijie Reyee OS Use of Inherently Dangerous Function | |
Weaknesses | CWE-242 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: icscert
Published:
Updated: 2024-12-06T20:24:31.142Z
Reserved: 2024-11-20T23:41:59.187Z
Link: CVE-2024-52324

Updated: 2024-12-06T19:23:13.590Z

Status : Analyzed
Published: 2024-12-06T19:15:13.083
Modified: 2024-12-10T19:42:56.737
Link: CVE-2024-52324

No data.

No data.