PT-2024-9578 · Ruijie · Ruijie Reyee Os

Published: 2024-12-03 · Updated: 2024-12-10 · CVE-2024-45722

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Ruijie Reyee OS versions 2.206.x through 2.319.x

Description

The issue is related to a weak credential mechanism used in the Ruijie Reyee OS, which could allow an attacker to easily calculate MQTT credentials. This could potentially permit a remote attacker to disclose credentials.

Recommendations

For Ruijie Reyee OS versions 2.206.x through 2.319.x, consider disabling the use of MQTT credentials until a patch is available. As a temporary workaround, restrict access to the MQTT broker to minimize the risk of exploitation. Avoid using weak credential mechanisms in the Ruijie Reyee OS until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2024-11285
CVE-2024-45722

Affected Products

Ruijie Reyee Os