PT-2024-9571 · Ruijie · Ruijie Reyee OS

Published: 2024-12-03 · Updated: 2024-12-10 · CVE-2024-47791

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Ruijie Reyee OS versions 2.206.x through 2.320.x

Description

The issue is in the Ruijie MQTT broker in Ruijie Reyee OS: an attacker could subscribe to some of the possible topics and receive some of the messages being sent to and from devices. The cause is that wildcard or matching symbols are not neutralized. Exploitation may allow a remote attacker to gain unauthorized access to protected information.

Recommendations

For Ruijie Reyee OS versions 2.206.x through 2.320.x, consider disabling the MQTT broker functionality until a patch is available to prevent potential exploitation. Restrict access to the MQTT broker to minimize the risk of unauthorized access. Avoid using wildcard or matching symbols in topic subscriptions to reduce exposure to partial message interception. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
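
To illustrate what neutralizing wildcards in topic subscriptions means on the broker side, the following added example (not code from Ruijie or from this advisory) implements standard MQTT filter matching and a subscribe check that confines wildcards to a client's own subtree. The topic layout "devices/<client_id>/..." and the sample topics are constructed assumptions.

```python
# Added example. Topic layout "devices/<client_id>/..." and the sample
# topics are constructed assumptions, not taken from Ruijie Reyee OS.
TOPICS = ["devices/SN-A/status", "devices/SN-B/status", "devices/SN-B/config/wifi"]

def filter_is_valid(topic_filter):
    """Check MQTT wildcard placement: '+' fills a whole level, '#' is last."""
    if not topic_filter or "\x00" in topic_filter:
        return False
    levels = topic_filter.split("/")
    for i, level in enumerate(levels):
        if level == "#":
            if i != len(levels) - 1:
                return False
        elif "#" in level or ("+" in level and level != "+"):
            return False
    return True

def matches(topic_filter, topic):
    """Return True if a message published on `topic` reaches this filter."""
    f, t = topic_filter.split("/"), topic.split("/")
    # Filters that start with a wildcard never match $-prefixed topics.
    if topic.startswith("$") and f[0] in ("+", "#"):
        return False
    for i, level in enumerate(f):
        if level == "#":
            return True              # multi-level: matches parent and below
        if i >= len(t) or (level != "+" and level != t[i]):
            return False
    return len(f) == len(t)

def exposed_topics(topic_filter, topics=TOPICS):
    """Topics delivered if the broker accepts the filter without an ACL."""
    return [t for t in topics if matches(topic_filter, t)]

def authorize_subscribe(client_id, topic_filter):
    """Allow a filter only when it stays inside devices/<client_id>/."""
    # A client id containing matching symbols would itself act as a wildcard.
    if not client_id or any(c in client_id for c in "+#/"):
        return False
    if not filter_is_valid(topic_filter):
        return False
    # The first two levels must be literal, so wildcards expand only below them.
    return topic_filter.split("/")[:2] == ["devices", client_id]

if __name__ == "__main__":
    for flt in ("devices/#", "devices/+/status", "devices/SN-A/#"):
        print(flt, authorize_subscribe("SN-A", flt), exposed_topics(flt))
```
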

Improper Neutralization of Wildcards

Weakness Enumeration

Related Identifiers

BDU:2024-11278
CVE-2024-47791

Affected Products

Ruijie Reyee OS