CVE-2024-52324

CRITICAL Year: 2024
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-242
View all →

Vulnerability Description

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands.

Related Vulnerabilities

CVE-2017-1002157

CRITICAL
CVSS:9.8(Critical)

modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution.

CWE-2422017

CVE-2022-36310

HIGH
CVSS:8.8(High)

Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abilities to execute commands as root on the...

CWE-2422022

CVE-2017-0904

HIGH
CVSS:8.1(High)

The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, su...

CWE-2422017

CVE-2017-1002157

CRITICAL
CVSS:9.8(Critical)

modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution.

CWE-2422017

CVE-2022-36310

HIGH
CVSS:8.8(High)

Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abilities to execute commands as root on the...

CWE-2422022

CVE-2017-0904

HIGH
CVSS:8.1(High)

The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, su...

CWE-2422017