Beijing, December 26, 2024 – A massive vulnerability in Ruijie Networks’ cloud platform puts 50,000 devices at risk. Critical flaws allow hackers full control. Patches released, but concerns remain.
A startling vulnerability has left 50,000 cloud-connected devices at risk, exposing users to potentially devastating cyberattacks. Researchers at Claroty have uncovered 10 critical security flaws in Ruijie Networks’ cloud management platform, including a high-tech attack called “Open Sesame” that allows hackers to control network appliances remotely.
Among the most severe vulnerabilities are:
- Weak password recovery mechanisms (CVE-2024-47547, CVSS score: 9.4)
- Server-side request forgery (SSRF) (CVE-2024-48874, CVSS score: 9.8)
- Exploitation via MQTT messages (CVE-2024-52324, CVSS score: 9.8).
These flaws enable attackers to execute commands on any cloud-enabled device, granting full control over tens of thousands of devices.
Adding to the threat, hackers can intercept device serial numbers using Wi-Fi beacons, bypass authentication, and inject malicious commands.
This highlights the inherent weaknesses in IoT devices. They offer low barriers to entry yet pose deep network security risks.
Ruijie Networks has since issued patches for all identified vulnerabilities. However, the exposure of these devices underscores the urgent need for robust cybersecurity measures in IoT systems.
Other News At VPNRanks
Hey, wait!
Stay informed on the latest privacy updates, cybersecurity insights, and internet freedom news by following VPNRanks news daily! As your primary resource for critical updates in online security, we ensure you’re always in the know. Make VPNRanks your go-to guide for safeguarding your digital life!
