December 12, 2024 at 04:13PM
Ruijie Networks has patched 10 vulnerabilities in its Reyee cloud management platform, potentially allowing control of thousands of devices. Researchers from Claroty, who developed the “Open Sesame” attack, highlighted weaknesses in device authentication. This could enable attackers to impersonate the cloud platform and exploit connected devices, raising IoT security concerns.
### Meeting Takeaways on Ruijie Networks Vulnerabilities
1. **Vulnerabilities Identified**:
– Ruijie Networks addressed 10 vulnerabilities in its Reyee cloud management platform, critical for managing IoT devices globally.
2. **Open Sesame Attack**:
– Researchers from Claroty Team82 developed an attack called “Open Sesame,” exploiting vulnerabilities in Ruijie’s cloud management system to potentially take control of thousands of devices.
3. **Impact on Devices**:
– The vulnerabilities could allow attackers to execute remote code (RCE) on Ruijie devices, which are widely used in public Wi-Fi settings (airports, schools, malls) across over 90 countries.
4. **Severity of Vulnerabilities**:
– Three vulnerabilities received high CVSS scores (9 or higher):
– CVE-2024-47547: Weak password recovery (CVSS 9.4)
– CVE-2024-48874: Server-side request forgery (CVSS 9.8)
– CVE-2024-52324: Use of inherently dangerous function (CVSS 9.8)
5. **Potential Risk**:
– The vulnerabilities could enable attackers to impersonate the Ruijie cloud platform, gaining access to devices and internal networks and sending malicious payloads.
6. **Low-Profile Exploits Anticipated**:
– Rather than large-scale attacks, researchers predict threat actors may prefer targeted exploits to avoid detection and gain control over specific devices.
7. **Exploit Mechanism**:
– The attack requires close proximity to the targeted Ruijie devices. Attackers can sniff Wi-Fi network beacons to obtain serial numbers and exploit MQTT communication vulnerabilities to gain access.
8. **Research Significance**:
– The findings emphasize the security risks associated with cloud management of IoT devices and the potential consequences of insecure cloud connections.
9. **Action Taken**:
– Ruijie Networks has patched all identified vulnerabilities, highlighting the importance of timely security measures in device management.
10. **Future Implications**:
– Research findings serve to raise awareness about the vulnerabilities of cloud-based IoT systems and the potential impact on connected networks.
### Conclusion
The meeting underscored the critical security vulnerabilities in Ruijie Networks’ Reyee cloud platform and the significance of proactive measures in safeguarding connected devices against potential exploits. The insights from Claroty Team82 highlight the need for continuous monitoring and enhancement of cybersecurity strategies in IoT management.