PatchSiren

CVE-2024-52324 Ruijie CVE debrief

A critical vulnerability in Ruijie Reyee OS versions 2.206.x through 2.319.x allows remote unauthenticated attackers to execute arbitrary operating system commands by sending malicious MQTT messages. The vulnerability stems from use of an inherently dangerous function in the device's MQTT message handling. This represents a severe risk to affected network infrastructure devices, as successful exploitation grants complete control without requiring any user interaction or prior authentication.

Vendor: Ruijie
Product: Reyee OS
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-12-03
Original CVE updated: 2024-12-10
Advisory published: 2024-12-03
Advisory updated: 2024-12-10

Who should care

Organizations deploying Ruijie Reyee OS-based network infrastructure including switches, access points, and gateways; managed service providers operating Ruijie equipment; industrial control system operators using Reyee OS devices in OT networks; security teams responsible for IoT and network infrastructure asset protection.

Technical summary

The vulnerability exists in Ruijie Reyee OS MQTT message processing, where an inherently dangerous function permits OS command execution through crafted MQTT payloads. Affected versions span 2.206.x through 2.319.x, that is, up to but not including 2.320.x. The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H indicates a network attack vector, low attack complexity, no privileges required and no user interaction, with high impact on confidentiality, integrity, and availability. The attack surface is the device's MQTT broker interface, typically exposed for cloud management and device orchestration.

Defensive priority

Critical

Recommended defensive actions

  • Verify device firmware version against affected range (2.206.x to 2.319.x)
  • Confirm vendor cloud fix deployment status through Ruijie support channels
  • Monitor MQTT traffic to affected devices for anomalous message patterns
  • Segment IoT/network infrastructure devices from critical business networks per ICS-CERT recommended practices
  • Apply network access controls restricting MQTT broker exposure to authorized systems only
  • Review device logs for indicators of unauthorized command execution
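For the first action, a firmware triage sketch over an exported device inventory. This is an added example, not code from the advisory or the vendor; the "host,firmware" CSV layout, the hostnames and the version-string format are assumptions to adapt to your own export.

```python
import csv
import io
import re

# Affected range from the advisory text above: 2.206.x through 2.319.x,
# i.e. 2.206 <= (major, minor) < 2.320.
AFFECTED_MIN = (2, 206)
FIXED_FROM = (2, 320)

# Assumption: the version string contains "major.minor" followed by optional
# build fields, possibly with a "ReyeeOS" prefix. Adjust to your export format.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)(?:\.\d+)*")


def classify(version_string):
    """Return 'affected', 'not_affected' or 'unknown' for one firmware string."""
    match = _VERSION_RE.search(version_string or "")
    if not match:
        return "unknown"  # never treat an unparsable version as safe
    major_minor = (int(match.group(1)), int(match.group(2)))
    if AFFECTED_MIN <= major_minor < FIXED_FROM:
        return "affected"
    return "not_affected"


def triage(inventory_csv):
    """Classify every row of a 'host,firmware' CSV; affected and unknown first."""
    order = {"affected": 0, "unknown": 1, "not_affected": 2}
    rows = [
        (row["host"], row["firmware"], classify(row["firmware"]))
        for row in csv.DictReader(io.StringIO(inventory_csv))
    ]
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))


# Constructed sample inventory (hostnames and version strings are invented).
SAMPLE_INVENTORY = """host,firmware
ap-lobby,ReyeeOS 2.206.0.1
sw-core,ReyeeOS 2.319.9
gw-branch,ReyeeOS 2.320.0
ap-old,ReyeeOS 1.219.3
ap-lab,unknown
"""

if __name__ == "__main__":
    for host, firmware, status in triage(SAMPLE_INVENTORY):
        print(f"{status:13} {host:10} {firmware}")
```

Here "not_affected" only means the version falls outside the range stated in the advisory; rows marked "unknown" need a manual check.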

Evidence notes

CISA published the initial advisory ICSA-24-338-01 on 2024-12-03 with a CVSS 3.1 score of 9.8 (Critical). Update A, released 2024-12-10, revised the CVSS scoring. The vendor reports that a cloud-based fix has been deployed, with no end-user action required.
