Ruijie · ReyeeOS · CVE-2023-53881
**Name of the Vulnerable Software and Affected Versions**
ReyeeOS version 1.204.1614
**Description**
ReyeeOS version 1.204.1614 communicates with its CWMP server over unencrypted HTTP, so data transmitted between the device and the server can be intercepted and manipulated through a man-in-the-middle attack. Because the device's HTTP polling requests are unprotected, an attacker in that position can create a fake CWMP server and inject and execute arbitrary commands on Ruijie Reyee Cloud devices. This makes remote code execution through a man-in-the-middle attack trivial.
**Recommendations**
ReyeeOS version 1.204.1614 should be updated to a newer version that contains a fix for this vulnerability.
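
Added example, not part of the original advisory or of any vendor code: a Python check that scans HTTP request records from a network sensor for CWMP (TR-069) SOAP messages sent over plaintext HTTP, to find devices that still have the exposure described above. The record layout, addresses, hostnames and serial number are constructed for illustration; `urn:dslforum-org:cwmp-1-N` is the standard CWMP SOAP namespace.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Standard TR-069 SOAP namespace (cwmp-1-0, cwmp-1-1, ...).
CWMP_NS = re.compile(r"urn:dslforum-org:cwmp-1-\d")
# CPE-initiated RPCs worth reporting; opening tags only.
RPC = re.compile(r"<(?:\w+:)?(Inform|GetRPCMethods|TransferComplete)\b")
SERIAL = re.compile(r"<SerialNumber>([^<]{1,64})</SerialNumber>")

def find_plaintext_cwmp(records):
    """Return {source_ip: details} for devices sending CWMP over http://."""
    findings = defaultdict(lambda: {"acs": set(), "serials": set(), "rpcs": set()})
    for rec in records:
        url = urlsplit(rec["url"])
        body = rec.get("body", "")
        if url.scheme.lower() != "http":
            continue  # TLS-protected session: not this exposure
        if not CWMP_NS.search(body):
            continue  # plaintext HTTP, but not a CWMP message
        hit = findings[rec["src"]]
        hit["acs"].add(url.netloc)                      # server being polled
        hit["rpcs"].update(RPC.findall(body))           # which RPCs were seen
        hit["serials"].update(SERIAL.findall(body))     # device identity from Inform
    return dict(findings)

# Constructed sample data (assumed sensor record format, not real traffic).
INFORM = ('<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" '
          'xmlns:cwmp="urn:dslforum-org:cwmp-1-0"><soap:Body><cwmp:Inform>'
          '<DeviceId><SerialNumber>EXAMPLE0001</SerialNumber></DeviceId>'
          '</cwmp:Inform></soap:Body></soap:Envelope>')

SAMPLE = [
    {"src": "192.0.2.10", "url": "http://acs.example.net/cwmp", "body": INFORM},
    {"src": "192.0.2.11", "url": "https://acs.example.net/cwmp", "body": ""},
    {"src": "192.0.2.12", "url": "http://updates.example.net/check", "body": "v=1"},
]

if __name__ == "__main__":
    for src, hit in find_plaintext_cwmp(SAMPLE).items():
        print(src, sorted(hit["acs"]), sorted(hit["serials"]), sorted(hit["rpcs"]))
```

Devices reported by this check are candidates for the update recommended above; a device that no longer appears after updating has stopped polling its CWMP server in plaintext.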