Critical Flaws Endanger Ruijie Networks' Cloud Management Platform

2024-12-25

Security researchers at Claroty have uncovered a series of critical vulnerabilities within the cloud management platform developed by Ruijie Networks. These flaws could potentially grant attackers remote control over a vast number of network devices, including access points and other connected equipment.

The research revealed ten vulnerabilities, three of which are categorized as “Critical” due to their severe impact. These include a weak password recovery mechanism susceptible to brute-force attacks (CVE-2024-47547), a server-side request forgery vulnerability (CVE-2024-48874) that could be exploited to access internal Ruijie services, and the use of a dangerous function that allows attackers to execute arbitrary commands on devices via malicious MQTT messages (CVE-2024-52324).

Furthermore, researchers discovered that MQTT authentication could be easily bypassed by simply knowing the device’s serial number (CVE-2024-45722). This information could then be used to gain access to all cloud-connected devices’ serial numbers, enabling attackers to launch denial-of-service attacks, send fabricated messages, and even execute malicious commands on all affected devices.

An attack dubbed “Open Sesame” (CVE-2024-47146) demonstrates how an attacker in close physical proximity to a Wi-Fi network utilizing Ruijie access points can extract device serial numbers from Wi-Fi beacons and subsequently exploit MQTT vulnerabilities to achieve remote code execution.

Ruijie Networks has addressed all identified vulnerabilities, and no user action is required. However, an estimated 50,000 cloud-connected devices may have been potentially impacted by these critical flaws.

What Undercode Says:

This research highlights the growing threat posed by vulnerabilities in IoT devices and the critical importance of robust security measures within cloud-based management platforms. The ease with which attackers can exploit these flaws to gain control over large numbers of devices underscores the need for continuous security assessments and rapid remediation efforts.

The “Open Sesame” attack serves as a stark reminder of the potential risks associated with physical proximity attacks. As our reliance on interconnected devices continues to increase, it is crucial to implement multi-layered security defenses, including strong authentication mechanisms, regular security audits, and robust intrusion detection systems.

Furthermore, the discovery of vulnerabilities in automotive infotainment systems, as highlighted in the article, emphasizes the critical need for enhanced security measures within the rapidly evolving automotive industry. With the increasing integration of technology into vehicles, ensuring the safety and security of both drivers and passengers is paramount.

This incident serves as a crucial reminder for both device manufacturers and end-users to prioritize security in the design, development, and deployment of IoT devices. By proactively addressing security vulnerabilities and implementing best practices, we can mitigate the risks associated with increasingly interconnected systems and ensure a more secure digital future.