CVE-2024-45722
📋 TL;DR
This vulnerability in Ruijie Reyee OS allows attackers to easily calculate MQTT credentials due to weak credential mechanisms. Affected systems include Ruijie Reyee OS versions 2.206.x through 2.319.x, potentially exposing network devices to unauthorized access.
💻 Affected Systems
- Ruijie Reyee OS
📦 What is this software?
Reyee Os by Ruijienetworks
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of network devices, allowing attackers to intercept or manipulate MQTT communications, reconfigure network settings, or pivot to other systems.
Likely Case
Unauthorized access to MQTT broker, enabling attackers to monitor network traffic, extract sensitive information, or disrupt MQTT-based services.
If Mitigated
Limited impact if strong network segmentation, access controls, and monitoring are in place to detect and block unauthorized MQTT connections.
🎯 Exploit Status
The vulnerability involves weak credential calculation that can be easily reverse-engineered, making exploitation straightforward.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.320.x and later
Vendor Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01
Restart Required: Yes
Instructions:
1. Check current Reyee OS version. 2. Download and install version 2.320.x or later from Ruijie support. 3. Reboot the device after installation. 4. Verify the update was successful.
🔧 Temporary Workarounds
Disable MQTT Service
allTemporarily disable MQTT services if not required for operation.
# Check Reyee OS documentation for MQTT disable commands
Network Segmentation
allIsolate affected devices in separate network segments with strict firewall rules.
# Configure firewall to restrict MQTT port 1883/8883 access
🧯 If You Can't Patch
- Implement strict network access controls to limit MQTT traffic to trusted sources only.
- Monitor MQTT connections and logs for unauthorized access attempts.
🔍 How to Verify
Check if Vulnerable:
Check the Reyee OS version via device web interface or CLI. If version is between 2.206.x and 2.319.x, the device is vulnerable.Check Version:
# Check Reyee OS documentation for version check commandVerify Fix Applied:
After patching, verify the OS version is 2.320.x or later and test MQTT credential generation mechanisms.📡 Detection & Monitoring
Log Indicators:
- Unauthorized MQTT connection attempts
- Failed authentication logs from MQTT broker
- Unexpected MQTT topic subscriptions or publications
Network Indicators:
- Unusual MQTT traffic patterns
- Connections to MQTT port 1883/8883 from untrusted sources
SIEM Query:
source="reyee_os" AND (event="mqtt_auth_failure" OR event="mqtt_connection")