Vulnerabilities > Ruijienetworks > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-12-06 CVE-2024-46874 Unspecified vulnerability in Ruijienetworks Reyee OS
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics.
network
low complexity
ruijienetworks
critical
 9.9
9.9
2024-12-06 CVE-2024-48874 Unspecified vulnerability in Ruijienetworks Reyee OS
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose.
network
low complexity
ruijienetworks
critical
 9.8
9.8
2024-12-06 CVE-2024-52324 Unspecified vulnerability in Ruijienetworks Reyee OS
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands.
network
low complexity
ruijienetworks
critical
 9.8
9.8
2024-12-06 CVE-2024-47547 Unspecified vulnerability in Ruijienetworks Reyee OS
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for its users to change their passwords which leaves authentication vulnerable to brute force attacks.
network
low complexity
ruijienetworks
critical
 9.8
9.8
2023-03-26 CVE-2023-26800 Command Injection vulnerability in Ruijienetworks products
Ruijie Networks RG-EW1200 Wireless Routers EW_3.0(1)B11P204 was discovered to contain a command injetion vulnerability via the params.path parameter in the upgradeConfirm function.
network
low complexity
ruijienetworks CWE-77
critical
 9.8
9.8
2022-06-25 CVE-2022-33128 SQL Injection vulnerability in Ruijienetworks Rg-Eg350 Firmware Egrgos11.1(6)
RG-EG series gateway EG350 EG_RGOS 11.1(6) was discovered to contain a SQL injection vulnerability via the function get_alarmAction at /alarm_pi/alarmService.php.
network
low complexity
ruijienetworks CWE-89
critical
 9.1
9.1
2022-05-04 CVE-2021-43163 Command Injection vulnerability in Ruijienetworks Reyeeos
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the checkNet function in /cgi-bin/luci/api/auth.
network
low complexity
ruijienetworks CWE-77
critical
 9.8
9.8
2022-05-02 CVE-2022-27982 Unspecified vulnerability in Ruijienetworks Rg-Nbr2100G-E Firmware
RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain a remote code execution (RCE) vulnerability via the fileName parameter at /guest_auth/cfg/upLoadCfg.php.
network
low complexity
ruijienetworks
critical
 9.8
9.8