cvebase

Ruijie Reyee OS vulnerabilities

15 known vulnerabilities affecting ruijie/reyee_os.

Total CVEs: 15
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 7, MEDIUM 3

Vulnerabilities

CVE-2025-56084 | P2 | HIGH | CVSS 8.8 | v221v219 | 2025-12-11
CWE-78: OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226_EW1800GX-PRO_10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.
Source: NVD
CVE-2025-56083 | P2 | HIGH | CVSS 8.8 | v221v219 | 2025-12-11
CWE-78: OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_networkId_merge.lua.
Source: NVD
CVE-2024-46874 | P2 | CRITICAL | CVSS 9.9 | ≥ 2.206.x, < 2.320.x | 2024-12-06
CWE-280: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie's cloud.
Source: NVD
CVE-2025-56099 | P2 | HIGH | CVSS 8.8 | v221v219 | 2025-12-11
CWE-78: OS Command Injection vulnerability in Ruijie RG-YST AP_3.0(1)B11P280YST250F allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua.
Source: NVD
CVE-2025-56113 | P2 | HIGH | CVSS 8.8 | v221v219 | 2025-12-11
CWE-78: OS Command Injection vulnerability in Ruijie RG-YST EST, YSTAP_3.0(1)B11P280YST250F V1.xxV2.xx allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua.
Source: NVD
CVE-2024-52324 | P2 | CRITICAL | CVSS 9.8 | ≥ 2.206.x, < 2.320.x | 2024-12-06
CWE-242: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x use an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands.
Source: NVD
CVE-2024-42936 | P3 | CRITICAL | CVSS 9.8 | v1.300.1422 | 2025-01-21
CWE-94: The mqlink.elf service component in Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422 is vulnerable to Remote Code Execution via a modified MQTT broker message.
Source: NVD
CVE-2024-48874 | P3 | CRITICAL | CVSS 9.8 | ≥ 2.206.x, < 2.320.x | 2024-12-06
CWE-918: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata services.
Source: NVD
CVE-2024-47547 | P3 | CRITICAL | CVSS 9.8 | ≥ 2.206.x, < 2.320.x | 2024-12-06
CWE-640: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contain a weak mechanism for users to change their passwords, which leaves authentication vulnerable to brute force attacks.
Source: NVD
CVE-2024-45722 | P3 | HIGH | CVSS 7.5 | ≥ 2.206.x, < 2.320.x | 2024-12-06
CWE-1391: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x use a weak credential mechanism that could allow an attacker to easily calculate MQTT credentials.
Source: NVD
CVE-2024-42494 | P3 | HIGH | CVSS 7.5 | ≥ 2.206.x, < 2.320.x | 2024-12-06
CWE-359: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contain a feature that could enable sub accounts or attackers to view and exfiltrate sensitive information from all cloud accounts registered to Ruijie's services.
Source: NVD
CVE-2024-51727 | P3 | HIGH | CVSS 7.5 | ≥ 2.206.x, < 2.320.x | 2024-12-06
CWE-826: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contain a feature that could enable attackers to invalidate a legitimate user's session and cause a denial-of-service attack on a user's account.
Source: NVD
CVE-2024-47146 | P4 | MEDIUM | CVSS 6.5 | ≥ 2.206.x, < 2.320.x | 2024-12-06
CWE-402: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the device's serial number if physically adjacent and sniffing the RAW WIFI signal.
Source: NVD
CVE-2024-47791 | P4 | MEDIUM | CVSS 5.3 | ≥ 2.206.x, < 2.320.x | 2024-12-06
CWE-155: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie MQTT broker, and receive partial messages being sent to and from devices.
Source: NVD
CVE-2024-47043 | P4 | MEDIUM | CVSS 5.3 | ≥ 2.206.x, < 2.320.x | 2024-12-06
CWE-922: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to correlate a device serial number and the user's phone number and part of the email address.
Source: NVD