ruijienetworks CVE Vulnerabilities & CVE List (26)

Products (CPE): — CVEs: 26

ruijienetworks vulnerability overview

Aggregates CVE and security vulnerability intelligence across all ruijienetworks-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Disclosed issues often relate to vendor risk sql injection and vendor risk ssrf; exposure may include vendor impact data exposure in vendor surface software deployment and vendor surface production workloads contexts.

Vulnerability distribution trend (last 24 months)

Showing 120 of 26 CVEs
«« First « Prev Page 1 / 2 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2023-53881 ReyeeOS 1.204.1614 contains an unencrypted CWMP communication vulnerability that allows attackers to intercept and manipulate device communication through a man-in-the-middle attack. Attackers can create a fake CWMP server to inject and execute arbitrary commands on Ruijie Reyee Cloud devices by exploiting the unprotected HTTP polling requests. [email protected] 9.2 0.26% 2025-12-15 2026-06-17
CVE-2025-56077 OS Command Injection vulnerability in Ruijie RG-RAP2200(E) 247 2200 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua. [email protected] 8.8 2.58% 2025-12-11 2026-06-17
CVE-2020-36870 Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-02-05 UTC. [email protected] 9.2 0.76% 2025-11-07 2026-06-16
CVE-2024-52324 Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands. [email protected] 9.2 0.68% 2024-12-06 2026-06-17
CVE-2024-48874 Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata services. [email protected] 9.3 0.59% 2024-12-06 2026-06-17
CVE-2024-47791 Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie MQTT broker, and receive partial messages being sent to and from devices. [email protected] 8.7 0.38% 2024-12-06 2026-06-17
CVE-2024-47146 Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the devices serial number if physically adjacent and sniffing the RAW WIFI signal. [email protected] 7.1 0.28% 2024-12-06 2026-06-17
CVE-2024-46874 Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie's cloud. [email protected] 9.2 0.40% 2024-12-06 2026-06-17
CVE-2024-45722 Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses weak credential mechanism that could allow an attacker to easily calculate MQTT credentials. [email protected] 8.7 0.46% 2024-12-06 2026-06-17
CVE-2024-51727 Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable attackers to invalidate a legitimate user's session and cause a denial-of-service attack on a user's account. [email protected] 7.1 0.50% 2024-12-06 2026-06-17
CVE-2024-47547 Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for its users to change their passwords which leaves authentication vulnerable to brute force attacks. [email protected] 9.3 0.66% 2024-12-06 2026-06-17
CVE-2024-47043 Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to correlate a device serial number and the user's phone number and part of the email address. [email protected] 8.7 0.38% 2024-12-06 2026-06-17
CVE-2024-42494 Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a a feature that could enable sub accounts or attackers to view and exfiltrate sensitive information from all cloud accounts registered to Ruijie's services [email protected] 7.1 0.43% 2024-12-06 2026-06-17
CVE-2023-4415 A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-237518 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. [email protected] 7.3 56.15% 2023-08-18 2026-06-17
CVE-2023-3608 A vulnerability was found in Ruijie BCR810W 2.5.10. It has been rated as critical. This issue affects some unknown processing of the component Tracert Page. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-233477 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. [email protected] 4.7 12.19% 2023-07-10 2026-06-17
CVE-2023-27796 RG-EW1200G PRO Wireless Routers EW_3.0(1)B11P204, RG-EW1800GX PRO Wireless Routers EW_3.0(1)B11P204, and RG-EW3200GX PRO Wireless Routers EW_3.0(1)B11P204 were discovered to contain multiple command injection vulnerabilities via the data.ip, data.protocal, data.iface and data.package parameters in the runPackDiagnose function of diagnose.lua. [email protected] 8.8 2.35% 2023-03-26 2026-06-17
CVE-2023-26800 Ruijie Networks RG-EW1200 Wireless Routers EW_3.0(1)B11P204 was discovered to contain a command injetion vulnerability via the params.path parameter in the upgradeConfirm function. [email protected] 9.8 1.04% 2023-03-26 2026-06-17
CVE-2022-33128 RG-EG series gateway EG350 EG_RGOS 11.1(6) was discovered to contain a SQL injection vulnerability via the function get_alarmAction at /alarm_pi/alarmService.php. [email protected] 9.1 0.83% 2022-06-24 2026-06-17
CVE-2021-43164 A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the updateVersion function in /cgi-bin/luci/api/wireless. [email protected] 8.8 33.95% 2022-05-03 2026-07-08
CVE-2021-43163 A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the checkNet function in /cgi-bin/luci/api/auth. [email protected] 9.8 1.93% 2022-05-03 2026-07-08
«« First « Prev Page 1 / 2 Next »
cvelogic Threat Intelligence