PT-2024-9673 · Ruijie · Ruijie Reyee OS

Published: 2024-12-03 · Updated: 2024-12-25 · CVE-2024-52324

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x

Description

Ruijie Reyee OS uses an inherently dangerous function, which could allow a remote attacker to send a malicious MQTT message that results in affected devices executing arbitrary OS commands.

Recommendations

For Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x, consider disabling the use of MQTT messages until a patch is available, as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2024-11385
CVE-2024-52324

Affected Products

Ruijie Reyee OS