eCommerceNews Australia - Technology news for digital commerce decision-makers
Australia
Guides
#
commerce systems
#
customer data platforms
#
data analytics
#
marketing technologies
#
payment technologies
Search
Story image
#
Network Security
#
IoT
#
Cybersecurity

Ten vulnerabilities found in Ruijie Reyee cloud platform

Yesterday
Author image
By Melania Watson, Interview Editor

Recent research by Claroty's Team82 has identified ten vulnerabilities within the Ruijie Networks Reyee cloud management platform and associated Reyee OS network devices.

Ruijie Networks is a provider of networking devices and cloud services, serving enterprises, educational institutions, government organisations, and service providers across 90 countries, including Australia.

Their devices are widely used in public places such as airports and shopping malls to provide free Wi-Fi access.

The vulnerabilities discovered could potentially be exploited by malicious actors to execute code on cloud-enabled devices. This exploitation may allow attackers to gain control over tens of thousands of devices, posing a significant risk to users.

Team82 elaborated on these vulnerabilities, stating: "We indeed did find 10 vulnerabilities that if exploited could expose every Ruijie-connected device and pose devastating consequences for its users." These weaknesses exemplify the security challenges inherent in internet-of-things (IoT) devices.

Additionally, Team82 has demonstrated a specific attack method termed "Open Sesame".

The attack involves an individual in close physical proximity exploiting leaked identifiers from Ruijie Reyee access points via the cloud, thereby executing arbitrary code and accessing the internal network of the device.

Detailing the attack, the researchers noted: "An attacker in close proximity to a Ruijie access point can sniff beacon messages from the device and leak the device serial number... We can then combine vulnerabilities we uncovered, especially in Ruijie's implementation of the MQTT communication protocol to impersonate the cloud and send a message to the target device." This message could include malicious operating system commands that expose the internal network of the device.

Ruijie Networks has responded to these findings by addressing the vulnerabilities in an update to its cloud infrastructure, negating the need for users to take any further action.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Why cloud-based Video Surveillance is the future for SMBs
Australian firms urged to tackle asset losses this Christmas
Retail & eCommerce trends in 2025: AI & loyalty focus
New AI tool SecureGPT launched to aid retail loss prevention
CrewAI joins Cloudera to boost enterprise AI capabilities
Top stories
Loyalty, CTV, ‘brandformance’: Three martech trends in 2025
The imperative of cybersecurity in manufacturing
Mike Cunningham appointed as MD of Optic Security Group
Peak performance in peak season: Leveraging EMM solutions for seamless operations
Jac+Jack reports 19% ecommerce growth via Pattern partnership