The Insecure IoT Cloud Strikes Again: RCE on Ruijie Cloud-Connected Devices

Team82 disclosed ten vulnerabilities in Ruijie Networks' Reyee cloud platform and Reyee OS devices that allow an attacker to obtain remote code execution on cloud‑connected access points by leveraging serial-number-based credentials, MQTT authentication weaknesses and broker wildcard behavior; an attacker can mass-target devices or perform a localized "Open Sesame" attack by sniffing serial numbers from Wi‑Fi beacons to gain internal network access. Ruijie has reportedly addressed the vulnerabilities.