CVE-2024-46874

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01", "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie's cloud."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-46874", "ASSIGNER": "ics-cert@hq.dhs.gov"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}}, "publishedDate": "2024-12-06T19:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:ruijienetworks:reyee_os:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.320.0", "versionStartIncluding": "2.206.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-12-10T19:49Z"}