ReyeeOS Unencrypted CWMP Communication Vulnerability Allowing Man-in-the-Middle Remote Code Execution

A vulnerability in ReyeeOS version 1.204.1614 allows for unencrypted CWMP communication, enabling man-in-the-middle attacks. Exploiting this flaw, attackers can intercept and manipulate device communications by creating a fake CWMP server that injects and executes arbitrary commands on affected Ruijie Reyee Cloud devices. The vulnerability arises from unprotected HTTP polling requests from the devices to the CWMP server.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected device.

Reproduction

To reproduce this vulnerability, set up a fake CWMP server that intercepts unencrypted HTTP requests. When a Ruijie Reyee Cloud device sends a polling request to the CWMP server, the fake server can respond with injected commands that the device will execute.