Cybersecurity experts have revealed a series of alarming vulnerabilities in Ruijie Networks’ cloud management platform that could potentially compromise tens of thousands of network devices. Researchers from Claroty have discovered a stunning array of security flaws that could allow malicious actors to gain unprecedented access to network infrastructure.
The Vulnerability
The investigation uncovered 10 critical security vulnerabilities, with three standing out as particularly dangerous:
- CVE-2024-47547: A weak password recovery mechanism vulnerable to brute force attacks
- CVE-2024-48874: A server-side request forgery (SSRF) vulnerability exposing internal cloud infrastructure
- CVE-2024-52324: A critical flaw allowing arbitrary operating system command execution
The “Open Sesame” Attack
Perhaps most concerning is the researchers’ development of an attack method dubbed “Open Sesame” (CVE-2024-47146). This sophisticated technique allows attackers in close physical proximity to intercept Wi-Fi beacons and extract device serial numbers, potentially leading to remote code execution.
Authentication and Access Risks
The research revealed a particularly troubling authentication vulnerability. By simply knowing a device’s serial number, attackers could:
- Break MQTT authentication
- Generate valid authentication credentials
- Perform denial-of-service attacks
- Send fabricated messages to cloud-connected devices
Potential Impact
Approximately 50,000 cloud-connected devices were potentially impacted by these security flaws. The vulnerabilities could have allowed attackers to:
- Execute arbitrary commands
- Disconnect devices
- Send false data to users
- Gain unauthorized network access
Resolution and Mitigation
Fortunately, Ruijie Networks has addressed these vulnerabilities following responsible disclosure. No additional user action is required, but the discovery highlights ongoing cybersecurity challenges in Internet of Things (IoT) devices.
“This is another example of the low barrier to entry for attackers in connected devices,” the Claroty researchers noted, emphasizing the critical nature of continuous security monitoring.
