CVE-2024-42936

Published: Jan 21, 2025Modified: Dec 15, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The mqlink.elf is service component in Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422 is vulnerable to Remote Code Execution via a modified MQTT broker message.

Affected (1)

Products: Ruijie: Reyee Os

Ruijie

1 product

Reyee Os

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruijie Reyee Os	Version 1.300.1422

Running on/with	Platform Versions
Ruijie Rg Ew300n	All versions

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (1)

https://gist.github.com/smrx86/2008111b12ab47882b3928d0cbc9e415

Source: cve@mitre.org

ExploitThird Party Advisory

Timeline

No history available yet.