
Nearly 50,000 Ruijie cloud-connected devices could be hijacked in attacks exploiting 10 security vulnerabilities in its Reyee cloud platform, all of which have already been patched, reports The Hacker News.
The most severe of the identified flaws were a critical server-side request forgery bug, tracked as CVE-2024-48874; an inherently dangerous function vulnerability, tracked as CVE-2024-52324; and a weak password recovery mechanism issue, tracked as CVE-2024-47547, according to an analysis from Claroty researchers.
Threat actors could also leverage a high-severity issue, tracked as CVE-2024-45722, to obtain the serial numbers and authentication credentials for all cloud-connected Ruijie devices, while another high-severity bug, tracked as CVE-2024-47146, could be exploited to enable remote code execution as part of an Open Sesame attack.
“This is another example of weaknesses in so-called internet-of-things devices such as wireless access points, routers, and other connected things that have a fairly low barrier to entry on to the device, yet enable much deeper network attacks,” said researchers.
Copyright © 2024 CyberRisk Alliance, LLC All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorization.