Critical Cloud Platform Vulnerabilities Put 50,000 Ruijie Network Devices at Risk


Security researchers have uncovered multiple critical vulnerabilities in Ruijie Networks' cloud management platform that could allow attackers to remotely control thousands of network devices.

The investigation by Claroty's research team revealed 10 security flaws affecting both the Reyee platform and Reyee OS network devices. Among these, three vulnerabilities were classified as critical, with severity scores ranging up to 9.8 out of 10.

The most severe issues include a weak password recovery system, a server-side request forgery vulnerability that could expose internal cloud infrastructure, and a dangerous function allowing arbitrary command execution through malicious MQTT messages.

Researchers also developed an attack method dubbed "Open Sesame" that could compromise access points through the cloud by exploiting device serial numbers. This attack works by intercepting Wi-Fi beacons from nearby Ruijie access points and using the captured serial numbers to gain unauthorized network access.

The investigation uncovered that knowing a device's serial number could allow attackers to:

  • Break MQTT authentication
  • Access message queues for all cloud-connected devices
  • Execute malicious commands across the network
  • Perform denial-of-service attacks
  • Send false data to device users
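One broker-side control that limits the reach described in the list above is to confine every authenticated client to its own topic subtree, so one device's credentials cannot read or write another device's queue. The following is an added example, not code from Claroty or Ruijie; the `devices/<serial>/...` topic layout, the function names and the sample data are assumptions made for illustration.

```python
"""Added example: audit MQTT subscriptions so a client stays in its own topic subtree.
The layout devices/<serial>/... is a hypothetical scheme, not Ruijie's."""

ROOT = "devices"  # assumed top-level topic for device traffic


def filter_is_confined(topic_filter: str, serial: str) -> bool:
    """True only if the filter can match nothing outside ROOT/<serial>/..."""
    if not serial:
        return False
    levels = topic_filter.split("/")
    # MQTT 5 shared subscriptions look like $share/<group>/<filter>; check the real filter.
    if levels[0] == "$share" and len(levels) >= 3:
        levels = levels[2:]
    # The first two levels must be literals; a wildcard here spans other devices.
    if len(levels) < 2 or levels[0] != ROOT or levels[1] != serial:
        return False
    last = len(levels) - 1
    for i, level in enumerate(levels[2:], start=2):
        # Reject malformed filters: '#' must be alone and last, '+' must be alone.
        if "#" in level and (level != "#" or i != last):
            return False
        if "+" in level and level != "+":
            return False
    return True


def audit(subscriptions):
    """Return (client_id, filter) pairs that reach beyond the client's own device."""
    return [(cid, flt) for cid, serial, flt in subscriptions
            if not filter_is_confined(flt, serial)]


# Constructed sample: (client id, serial bound to the authenticated session, filter).
SAMPLE = [
    ("ap-1", "SN0001", "devices/SN0001/cmd/#"),
    ("ap-1", "SN0001", "devices/+/cmd/#"),
    ("ap-2", "SN0002", "devices/SN0001/status"),
    ("ap-2", "SN0002", "#"),
    ("ap-2", "SN0002", "$share/g1/devices/SN0002/telemetry/+"),
    ("ap-3", "SN0003", "$share/g1/devices/#"),
]

if __name__ == "__main__":
    for cid, flt in audit(SAMPLE):
        print(f"DENY {cid}: {flt}")
```

The serial passed to the check must come from the authenticated session (for example a client certificate), not from a value the client supplies, since a serial number alone is not a secret.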

An estimated 50,000 cloud-connected devices were potentially vulnerable to these security flaws. However, Ruijie Networks has addressed all identified vulnerabilities through cloud-side patches, requiring no action from end users.

The discoveries highlight ongoing security challenges with Internet of Things devices, where seemingly minor access points can lead to extensive network compromises. As connected devices become more prevalent, such vulnerabilities pose increasing risks to network security.