CVE-2023-53881

HIGH

ReyeeOS 1.204.1614 - Man-In-The-Middle

Title source: llm

Description

ReyeeOS 1.204.1614 contains an unencrypted CWMP communication vulnerability that allows attackers to intercept and manipulate device communication through a man-in-the-middle attack. Attackers can create a fake CWMP server to inject and execute arbitrary commands on Ruijie Reyee Cloud devices by exploiting the unprotected HTTP polling requests.

Exploits (1)

exploitdb WORKING POC

by Riyan Firmansyah of Seclab · pythonremotehardware

https://www.exploit-db.com/exploits/51642

View Code ZIP pw:eip

References (3)

[Product, Broken Link] https://ruijienetworks.com

[Exploit] https://www.exploit-db.com/exploits/51642

[Third Party Advisory] https://www.vulncheck.com/advisories/reyeeos-man-in-the-middle-remote-code-execution-via-cwmp

Scores

CVSS v3 8.1

EPSS 0.0005

EPSS Percentile 16.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-319

Status published

Products (2)

Ruijie/ReyeeOS 1.204.1614

ruijienetworks/reyee_os 1.204.1614

Published Dec 15, 2025

Tracked Since Feb 18, 2026