Major Security Flaws in Ruijie Networks' Cloud Platform Could Expose 50,000 Devices to Remote Attacks
Cybersecurity researchers have uncovered multiple critical vulnerabilities in the cloud management platform used by Ruijie Networks, a prominent provider of networking solutions. These flaws, if exploited, could give attackers the ability to remotely take control of a wide range of network appliances, potentially impacting up to 50,000 cloud-connected devices.
Key Vulnerabilities Discovered
The vulnerabilities, identified by OT security experts at Claroty, affect both Ruijie’s Reyee platform and Reyee OS network devices. Among the 10 flaws discovered, three have been rated critical due to their potential to allow malicious actors to execute arbitrary code on affected devices.
- CVE-2024-47547 (CVSS: 9.4) – This issue arises from a weak password recovery mechanism, leaving the system vulnerable to brute-force attacks and allowing attackers to bypass authentication.
- CVE-2024-48874 (CVSS: 9.8) – A server-side request forgery (SSRF) vulnerability that could enable attackers to access Ruijie’s internal cloud services and infrastructure, potentially compromising the entire network.
- CVE-2024-52324 (CVSS: 9.8) – This flaw stems from the use of a dangerous function that could let attackers send malicious MQTT messages, triggering arbitrary operating system commands on affected devices.
In addition to these critical vulnerabilities, CVE-2024-45722 (CVSS: 7.5) exposes an easily exploitable issue in MQTT authentication. By simply knowing the serial number of a device, attackers can gain access to the MQTT broker, retrieve a list of connected devices, and launch a variety of attacks, including denial-of-service and data manipulation.
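The defensive lesson of the MQTT authentication issue, as an added example (not code from Claroty, Ruijie, or the original article): a broker that accepts only randomly provisioned per-device secrets and enforces per-device topic ACLs rejects a client that knows nothing but the serial number. The serial-derived password scheme, the sample serial, and the `devices/<serial>/` topic layout are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample serial. Per the article a serial can be read from Wi-Fi
# beacons, so it must be treated as public information, never as a secret.
SERIAL = "SAMPLE0000001"


def weak_credentials(serial: str) -> tuple[str, str]:
    """Hypothetical weak scheme: the password is a pure function of the serial."""
    return serial, hashlib.sha256(serial.encode()).hexdigest()


class Broker:
    """Toy credential and ACL check standing in for an MQTT broker's auth hook."""

    def __init__(self) -> None:
        self._secret_hashes: dict[str, bytes] = {}

    def provision(self, serial: str) -> str:
        """Issue a random per-device secret at enrollment; store only its hash."""
        secret = secrets.token_urlsafe(32)
        self._secret_hashes[serial] = hashlib.sha256(secret.encode()).digest()
        return secret

    def authenticate(self, username: str, password: str) -> bool:
        expected = self._secret_hashes.get(username)
        if expected is None:
            return False
        presented = hashlib.sha256(password.encode()).digest()
        return hmac.compare_digest(presented, expected)  # constant-time compare

    @staticmethod
    def may_subscribe(username: str, topic_filter: str) -> bool:
        """ACL: a device may only use topics under its own serial, no wildcards."""
        if "#" in topic_filter or "+" in topic_filter:
            return False
        return topic_filter.startswith(f"devices/{username}/")


def demo() -> dict[str, bool]:
    broker = Broker()
    real_secret = broker.provision(SERIAL)
    _, guessed = weak_credentials(SERIAL)  # all a serial-only observer can compute
    return {
        "serial_derived_accepted": broker.authenticate(SERIAL, guessed),
        "provisioned_accepted": broker.authenticate(SERIAL, real_secret),
        "wildcard_allowed": broker.may_subscribe(SERIAL, "devices/#"),
        "own_topic_allowed": broker.may_subscribe(SERIAL, f"devices/{SERIAL}/cmd"),
    }
```

The wildcard denial matters as much as the credential check: it is what stops one authenticated client from enumerating every other connected device.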
Exploiting the Vulnerabilities: The "Open Sesame" Attack
One particularly concerning finding from Claroty's research is the "Open Sesame" attack. This method allows attackers to gain unauthorized access to a network device remotely via the cloud, even if they are merely in physical proximity to it. By intercepting Wi-Fi beacons from Ruijie access points, an attacker could obtain a device's serial number and leverage the flaws in MQTT communication to remotely execute arbitrary code.
This vulnerability, labeled CVE-2024-47146 (CVSS: 7.5), underscores the risk of devices being exploited even by attackers within range of the Wi-Fi network, making the attack both highly accessible and difficult to defend against.
Impact on Devices
The flaws identified by Claroty researchers could affect a variety of Ruijie’s devices, including routers and wireless access points, with around 50,000 devices potentially exposed to remote compromise. The ability to remotely execute arbitrary code or manipulate device functions poses significant risks, especially in enterprise environments or critical infrastructure where Ruijie’s devices are commonly deployed.
No User Action Required – Fixes Already Deployed
Ruijie Networks has responded swiftly to the security discovery. All the identified vulnerabilities have been patched, and the fixes have already been deployed to the cloud platform, meaning no user action is required to protect devices from these risks. However, the discovery highlights important lessons about the security of Internet of Things (IoT) and operational technology (OT) devices, which are increasingly being targeted due to their connectivity and low security barriers.
Broader Implications for IoT and OT Security
This disclosure follows a trend of growing security concerns surrounding connected devices, especially in critical network infrastructure. Similar vulnerabilities in other IoT devices, such as Skoda’s MIB3 infotainment system, have also been uncovered recently. These types of flaws demonstrate how easy it is for attackers to gain access to vulnerable systems and how damaging the consequences can be.
The discovery of the Ruijie vulnerabilities is a wake-up call for businesses and users alike to ensure they are regularly updating their devices, implementing strong authentication measures, and monitoring their networks for unusual activity. As more devices become cloud-enabled, the risk of widespread exploitation will only increase, making it essential for manufacturers to prioritize security in the development of IoT and OT products.
Conclusion
The recent discovery of vulnerabilities in Ruijie Networks’ cloud platform underscores the importance of secure device management in the age of IoT and cloud-connected systems. While patches have been issued, the potential for large-scale remote exploitation serves as a stark reminder of the risks that come with interconnected devices. Users and organizations relying on these devices should remain vigilant and proactive in securing their networks to mitigate the risks of future attacks.