Category | Details |
---|---|
Threat Actors | Unknown malicious attackers exploiting vulnerabilities in Ruijie Networks’ cloud platform and Skoda’s MIB3 infotainment unit. |
Campaign Overview | Exploitation of vulnerabilities in Ruijie Networks’ Reyee platform and Skoda MIB3 infotainment units to gain unauthorized access, execute remote code, or disrupt services. |
Target Regions (Victims) | Cloud-connected Ruijie network devices globally (~50,000 devices potentially impacted); Skoda vehicles equipped with MIB3 infotainment units. |
Methodology | – Exploitation of weak password recovery, SSRF, and MQTT vulnerabilities in Ruijie devices. – Physical proximity attacks to extract device serial numbers. – Chaining multiple vulnerabilities in Skoda vehicles to achieve code execution, track vehicles, and exfiltrate data. |
Product Targeted | – Ruijie Networks’ Reyee platform and devices. – Skoda vehicles with MIB3 infotainment systems. |
Malware Reference | Not specified, though vulnerabilities enable malicious code execution and remote control. |
Tools Used | MQTT communication, Wi-Fi beacon interception, SSRF techniques, and Bluetooth-based attacks in Skoda systems. |
Vulnerabilities Exploited | – Ruijie: CVE-2024-47547, CVE-2024-48874, CVE-2024-52324, CVE-2024-45722, CVE-2024-47146. – Skoda: CVE-2023-28902 to CVE-2023-29113 (12 flaws), CVE-2023-28895 to CVE-2023-28901 (9 flaws). |
TTPs | – Exploitation of cloud-based vulnerabilities for unauthorized access and control. – Proximity-based attacks to intercept device details. – Chaining vulnerabilities for privilege escalation, persistent code execution, and data exfiltration. |
Attribution | No specific attribution provided; attackers leverage publicly disclosed flaws in IoT devices. |
Recommendations | – Update to patched versions of Ruijie cloud devices and Skoda MIB3 infotainment units. – Employ stronger authentication mechanisms for IoT devices. – Use secure communication protocols to prevent interception. – Monitor IoT devices for abnormal behavior. – Educate users on risks associated with vulnerable connected devices. |
Source | The Hacker News |
Read full article: https://thehackernews.com/2024/12/ruijie-networks-cloud-platform-flaws.html
The above summary has been generated by an AI language model