CVE-2023-53881 — HIGH (8.1)

Vulnerability Description

ReyeeOS 1.204.1614 contains an unencrypted CWMP communication vulnerability that allows attackers to intercept and manipulate device communication through a man-in-the-middle attack. Attackers can create a fake CWMP server to inject and execute arbitrary commands on Ruijie Reyee Cloud devices by exploiting the unprotected HTTP polling requests.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ruijienetworks	Reyee Os	1.204.1614

Related Weaknesses (CWE)

CWE-319

References

https://ruijienetworks.comProductBroken Link
https://www.exploit-db.com/exploits/51642Exploit
https://www.vulncheck.com/advisories/reyeeos-man-in-the-middle-remote-code-execuThird Party Advisory

FAQ

What is CVE-2023-53881?

CVE-2023-53881 is a vulnerability with a CVSS score of 8.1 (HIGH). ReyeeOS 1.204.1614 contains an unencrypted CWMP communication vulnerability that allows attackers to intercept and manipulate device communication through a man-in-the-middle attack. Attackers can cre...

How severe is CVE-2023-53881?

CVE-2023-53881 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-53881?

Check the references section above for vendor advisories and patch information. Affected products include: Ruijienetworks Reyee Os.