A critical vulnerability discovered in the Ruijie Networks cloud platform could potentially expose 50,000 devices to remote attacks.

A critical vulnerability discovered in the Ruijie Networks cloud platform could potentially expose 50,000 devices to remote attacks.
ThaiCERT Cybersecurity Articles

460/67 Friday, December 27, 2024

Cybersecurity researchers from Claroty have uncovered critical vulnerabilities in the cloud platform and networking devices of Ruijie Networks, potentially allowing attackers to gain control over more than 50,000 networking devices worldwide. Additionally, new flaws have been identified in the MIB3 infotainment system used in Skoda vehicles, enabling attackers to eavesdrop, track locations, and steal personal data.

Ruijie Networks Vulnerabilities

Claroty discovered 10 vulnerabilities in the Reyee platform and devices running the Reyee OS, three of which are particularly severe:

  1. CVE-2024-47547 (CVSS 9.4): Exploits a weak password recovery mechanism, making devices vulnerable to brute-force attacks.
  2. CVE-2024-48874 (CVSS 9.8): An SSRF vulnerability that allows attackers to access Ruijie’s cloud infrastructure.
  3. CVE-2024-52324 (CVSS 9.8): Enables attackers to send malicious commands to networking devices via MQTT.

An attack method dubbed “Open Sesame” further allows attackers near a Wi-Fi network to extract device serial numbers and hack into the cloud system, granting control over all devices in the network. While Ruijie Networks has updated its cloud platform to address these vulnerabilities, users are urged to ensure that devices run the latest firmware and implement additional security measures.

Skoda Infotainment System Vulnerabilities

In another case, PCAutomotive identified 12 vulnerabilities in the MIB3 infotainment system used in modern Skoda vehicles. These vulnerabilities enable attackers to:

  • Access the system via Bluetooth.
  • Escalate privileges to root.
  • Bypass secure boot.
  • Record audio using the car’s microphone.
  • Steal contact information.
  • Eavesdrop on conversations or track the vehicle’s location.

Moreover, these flaws allow attackers to exploit the vehicle’s VIN to access sensitive data such as mileage, top speeds, and travel history.

Implications for IoT and Automotive Security

The vulnerabilities in Ruijie Networks and Skoda highlight the risks inherent in IoT devices and automotive systems, which can be easily exploited if left unsecured. Companies using network devices and vehicle owners are strongly advised to regularly update software and enforce robust security configurations to mitigate the risks of cyberattacks.

Source https://thehackernews.com/2024/12/ruijie-networks-cloud-platform-flaws.html