PatchSiren cyber security CVE debrief

CVE-2024-48874 Ruijie CVE debrief

CVE-2024-48874 is a HIGH severity vulnerability (CVSS 7.5) affecting Ruijie Reyee OS versions 2.206.x through 2.319.x. The vulnerability enables attackers to coerce Ruijie's proxy servers into executing arbitrary requests, potentially exposing internal services and AWS cloud metadata services. CISA published this advisory on December 3, 2024, and updated it on December 10, 2024, to revise the CVSS scores. Ruijie has addressed the issue through cloud-side fixes, requiring no end-user action.

Vendor: Ruijie
Product: Reyee OS
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-12-03
Original CVE updated: 2024-12-10
Advisory published: 2024-12-03
Advisory updated: 2024-12-10

Who should care

Organizations deploying Ruijie Reyee OS devices in enterprise or industrial networks, particularly those with AWS cloud integration or sensitive internal services accessible from device networks.

Technical summary

The vulnerability exists in Ruijie Reyee OS versions 2.206.x through 2.319.x, where insufficient validation of proxy requests allows attackers to coerce Ruijie's proxy servers into performing arbitrary requests. This server-side request forgery (SSRF) capability enables access to internal services and the AWS Instance Metadata Service (IMDS), potentially exposing cloud credentials and internal infrastructure. The attack vector is network-based with low privileges required, though attack complexity is high. Ruijie has implemented cloud-side remediation, eliminating the need for firmware updates by end users.

Defensive priority

HIGH

Recommended defensive actions

  • Verify Ruijie Reyee OS device firmware version is 2.320.x or later, or confirm cloud-side fix has been applied
  • Monitor network traffic from Ruijie devices for unexpected outbound connections to internal or cloud metadata services
  • Review AWS IAM policies and instance metadata service configurations for any exposed credentials
  • Apply network segmentation to isolate Ruijie devices from sensitive internal infrastructure
  • Subscribe to CISA ICS advisories for future updates on this vulnerability
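
The monitoring action above, sketched as an added example (not code from CISA, Ruijie, or this debrief): it scans flow records for traffic from the device segment to the AWS metadata address or to internal hosts that are not on an allowlist. The device subnet, the allowlist entry, and the five-field log format are assumptions, and the log lines are constructed.

```python
import ipaddress

# Assumptions (not from the advisory): device subnet, allowlist, log format.
DEVICE_NET = ipaddress.ip_network("10.20.30.0/24")   # segment holding Reyee devices
ALLOWED = {ipaddress.ip_address("10.20.0.53")}       # approved internal DNS resolver
IMDS = ipaddress.ip_address("169.254.169.254")       # AWS instance metadata (IPv4)
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records: timestamp src dst dst_port action
SAMPLE_LOG = """\
2024-12-11T09:00:01Z 10.20.30.11 10.20.0.53 53 ACCEPT
2024-12-11T09:00:02Z 10.20.30.11 203.0.113.10 443 ACCEPT
2024-12-11T09:00:05Z 10.20.30.12 169.254.169.254 80 ACCEPT
2024-12-11T09:00:09Z 10.20.30.12 10.50.1.7 8080 ACCEPT
2024-12-11T09:00:12Z 10.99.1.4 169.254.169.254 80 ACCEPT
2024-12-11T09:00:15Z 10.20.30.13 192.168.5.9 445 REJECT
malformed line
"""

def classify(dst):
    """Return why a destination is sensitive, or None if it is not."""
    if dst == IMDS:
        return "metadata-service"
    if dst in ALLOWED:
        return None
    if any(dst in net for net in INTERNAL):
        return "internal"
    return None

def find_alerts(log_text):
    """Flag device-originated flows to IMDS or non-allowlisted internal hosts."""
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue                      # skip malformed records
        ts, src, dst, port, action = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            dport = int(port)
        except ValueError:
            continue
        kind = classify(dst_ip) if src_ip in DEVICE_NET else None
        if kind:
            # Blocked attempts are kept: a REJECT still shows the device tried.
            alerts.append({"ts": ts, "src": src, "dst": dst, "port": dport,
                           "kind": kind, "action": action})
    return alerts
```
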

Evidence notes

Vulnerability confirmed through CISA CSAF advisory ICSA-24-338-01. Affected versions explicitly documented as 2.206.x up to but not including 2.320.x. Vendor remediation confirmed as cloud-side fix with no user action required.

Official resources

CISA disclosed this vulnerability on December 3, 2024, with Update A published December 10, 2024.