CVE-2024-47146
published 2024-12-06CVE-2024-47146: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the devices serial number if physically adjacent and…
PriorityP430medium6.5CVSS 3.1
AVAACLPRNUINSUCHINAN
EPSS
0.28%
19.3th percentile
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the devices serial number if physically adjacent and sniffing the RAW WIFI signal.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | >= 0 < 4.4.0-276.310 | 4.4.0-276.310 |
| ruijie | reyee_os | >= 2.206.x < 2.320.x | 2.320.x |
| ruijienetworks | reyee_os | >= 2.206.0 < 2.320.0 | 2.320.0 |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv4.07.1HIGHCVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
osv5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Ruijie Reyee OS (Update A)
cisa_ics·2024-12-10·CVSS 9.3
[CRITICAL] Ruijie Reyee OS (Update A)
ICS Advisory
##
Ruijie Reyee OS (Update A)
Last RevisedDecember 10, 2024
Alert CodeICSA-24-338-01
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Ruijie
- Equipment: Reyee OS
- Vulnerabilities: Weak Password Recovery Mechanism for Forgotten Password, Exposure of Private Personal Information to an Unauthorized Actor, Premature Release of Resource During Expected Lifetime, Insecure Storage of Sensitive Information, Use of Weak Credentials, Improper Neutralization of Wildcards or Matching Symbols, Improper Handling of Insufficient Permissions or Privileges, Server-Side Request Forgery (SSRF), Use of Inherentl
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
osv·2025-12-15·CVSS 5.5
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- ACPI drivers;
- Hardware monitoring drivers;
- InfiniBand drivers;
- MTD block device drivers;
- Network drivers;
- DesignWare USB3 driver;
- Ceph distributed file system;
- Network file system (NFS) server daemon;
- NILFS2 file system;
- File systems infrastructure;
- Tracing infrastructure;
- Appletalk network protocol;
- IPv6 networking;
- Netfilter;
(CVE-2021-47146, CVE-2021-47269, CVE-2021-47385, CVE-2021-47634,
CVE-2022-49026, CVE-2024-49935, CVE-2024-50067, CVE-2024-50095,
CVE-2024-50179, CVE-2024-53112, CVE-2024-53217, C
OSV
linux-fips vulnerabilities
osv·2025-12-15·CVSS 5.5
linux-fips vulnerabilities
linux-fips vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- ACPI drivers;
- Hardware monitoring drivers;
- InfiniBand drivers;
- MTD block device drivers;
- Network drivers;
- DesignWare USB3 driver;
- Ceph distributed file system;
- Network file system (NFS) server daemon;
- NILFS2 file system;
- File systems infrastructure;
- Tracing infrastructure;
- Appletalk network protocol;
- IPv6 networking;
- Netfilter;
(CVE-2021-47146, CVE-2021-47269, CVE-2021-47385, CVE-2021-47634,
CVE-2022-49026, CVE-2024-49935, CVE-2024-50067, CVE-2024-50095,
CVE-2024-50179, CVE-2024-53112, CVE-2024-53217, CVE-2025-21715,
CVE-2025-21722, CVE-
GHSA
GHSA-5732-h43f-839f: Ruijie Reyee OS versions 2
ghsa_unreviewed·2024-12-06
CVE-2024-47146 [HIGH] CWE-402 GHSA-5732-h43f-839f: Ruijie Reyee OS versions 2
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the devices serial number if physically adjacent and sniffing the RAW WIFI signal.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-12-06
Published