Vulnerability Exploits

Ruijie Networks' Cloud Platform Flaws Could Expose 50,000 Devices to Remote Attacks

Latest News on Ruijie Networks Cloud Platform Vulnerabilities 2024:

Security Flaws in Ruijie Networks' Cloud Platform:
- Cybersecurity researchers have discovered several critical vulnerabilities in the cloud management platform developed by Ruijie Networks. These flaws could permit an attacker to take control of network appliances, potentially affecting tens of thousands of devices1 2 3.
Open Sesame Attack:
- The "Open Sesame" attack, which has been assigned the CVE identifier CVE-2024-47146, allows an attacker physically adjacent to a Wi-Fi network using Ruijie access points to extract the device's serial number. This information can then be used to exploit other MQTT communication vulnerabilities, achieving remote code execution1 2 4.
CVE Vulnerabilities:
- The identified vulnerabilities include:
  - CVE-2024-47547 (CVSS score of 9.4): A weak password recovery mechanism vulnerable to brute force attacks1.
  - CVE-2024-48874 (CVSS score of 9.8): A server-side request forgery (SSRF) vulnerability that could be exploited to access internal services via AWS cloud metadata services1.
  - CVE-2024-52324 (CVSS score of 9.8): The use of an inherently dangerous function that could allow an attacker to send a malicious MQTT message, resulting in devices executing arbitrary operating system commands1.
  - CVE-2024-45722 (CVSS score of 7.5): Breaking MQTT authentication by knowing the device's serial number, which can be used to generate valid authentication credentials for all cloud-connected devices1.
Impact and Mitigation:
- The vulnerabilities were identified by Claroty researchers, who also devised the "Open Sesame" attack. Following responsible disclosure, Ruijie Networks has fixed all identified shortcomings, and no user action is required. Approximately 50,000 cloud-connected devices were potentially impacted by these bugs1 2 3.
Context in IoT Security:
- This discovery highlights weaknesses in IoT devices such as wireless access points and routers, which have a low barrier to entry but enable deeper network attacks. It underscores the need for robust security measures in IoT ecosystems1 2.

These findings emphasize the importance of continuous security monitoring and patching in cloud and IoT environments to prevent such vulnerabilities from being exploited.

Vulnerable Moxa devices expose industrial networks to attacks

Latest News on Moxa Devices Vulnerabilities Moxa Security Advisory: CVE-2024-9138 and CVE-2024-9140 Moxa, a leading provider of industrial networking and communication solutions, has issued a security advisory regarding two critical vulnerabilities affecting their cellular routers, secure routers, and network security appliances1. The vulnerabilities, identified as CVE-2024-9138 and CVE-2024-9140, have a

Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution

A high-severity security flaw, tracked as CVE-2024-43405, has been disclosed in ProjectDiscovery's Nuclei, a widely-used open-source vulnerability scanner. This vulnerability allows attackers to bypass signature checks and potentially execute malicious code13. Key Highlights: * Vulnerability Description: The vulnerability stems from a discrepancy between how the signature verification process and

LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers

The latest news on the LDAP vulnerability PoC exploit, specifically CVE-2024-49112, involves a critical remote code execution (RCE) flaw in Windows Lightweight Directory Access Protocol (LDAP) clients. Here are the key details: CVE-2024-49112 Overview Vulnerability Description: CVE-2024-49112 is a critical vulnerability in Windows LDAP clients that allows remote code execution.

Read next