Home

Description

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the devices serial number if physically adjacent and sniffing the RAW WIFI signal.

PUBLISHED Reserved 2024-11-20 | Published 2024-12-06 | Updated 2024-12-06 | Assigner icscert




MEDIUM: 6.5CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

HIGH: 7.1CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-402

Product status

Default status
unaffected

2.206.x (custom) before 2.320.x
affected

Credits

Tomer Goldschmidt and Noam Moshe of Claroty Team82 reported these vulnerabilities to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-24-338-01

cve.org (CVE-2024-47146)

nvd.nist.gov (CVE-2024-47146)

Download JSON