The Insecure IoT Cloud Strikes Again: RCE on Ruijie Cloud-Connected Devices

> - Team82 has researched devices manufactured by Ruijie Networks and discovered 10 vulnerabilities in its Reyee cloud management platform > - These vulnerabilities affect both the Reyee platform, as well as Reyee OS network devices > - The vulnerabilities, if exploited, could allow a malicious attacker to execute code on any cloud-enabled device, giving them the ability to control tens of thousands of devices > - In addition, Team82 has devised an attack called Open Sesame, in which an attacker can pinpoint exploit a device in close physical proximity through the cloud, executing arbitrary code on it and gaining access to its internal network > - Ruijie has addressed all vulnerabilities in the cloud, and no action is required by users. > - We would like to acknowledge Ruijie Networks and CISA for their cooperation in addressing these issues, which enhances the protection of the Reyee OS platform.