Security Vulnerabilities - CVEs Published In 2024
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the devices serial number if physically adjacent and sniffing the RAW WIFI signal.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-12-06
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie MQTT broker, and receive partial messages being sent to and from devices.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-12-06
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata services.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-12-06
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for its users to change their passwords which leaves authentication vulnerable to brute force attacks.
CVSS Score
9.4
EPSS Score
0.002
Published
2024-12-06
PhpGurukul Medical Card Generation System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/search-medicalcard.php via the searchdata parameter.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-12-06
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable attackers to invalidate a legitimate user's session and cause a denial-of-service attack on a user's account.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-12-06
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a a feature that could enable sub accounts or attackers to view and exfiltrate sensitive information from all cloud accounts registered to Ruijie's services
CVSS Score
6.5
EPSS Score
0.001
Published
2024-12-06
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to correlate a device serial number and the user's phone number and part of the email address.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-12-06
A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-12-06
A Reflected Cross Site Scripting (XSS) vulnerability was found in /covidtms/registered-user-testing.php in PHPGurukul COVID 19 Testing Management System 1.0 which allows remote attackers to execute arbitrary code via the regmobilenumber parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-12-06