Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie's cloud.

Related CVEs

CVE-2024-46874

Key Information

GHSA ID

GHSA-5ggp-fmj8-fxvf

Published

December 6, 2024 9:30 PM

Last Modified

December 6, 2024 9:30 PM

CVSS Score

9.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: July 28, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.