CVE-2024-42936
Published: 21 January 2025
Description
The mqlink.elf service component in Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422 is vulnerable to Remote Code Execution via a modified MQTT broker message.
Security Summary
CVE-2024-42936 is a critical remote code execution (RCE) vulnerability (CVSS 3.1 score of 9.8) affecting the mqlink.elf service component in the Ruijie RG-EW300N router running ReyeeOS firmware version 1.300.1422. The flaw, classified under CWE-94 (code injection), arises from insufficient validation of MQTT broker messages, allowing attackers to inject and execute arbitrary code remotely. It was published on January 21, 2025.
An unauthenticated attacker with network access can exploit this vulnerability with low complexity and no user interaction required (AV:N/AC:L/PR:N/UI:N). Successful exploitation grants high-impact confidentiality, integrity, and availability compromise (C:H/I:H/A:H) through RCE, potentially enabling full device takeover, data exfiltration, or use as a pivot point in larger network attacks.
Advisories and mitigation details are available in the referenced GitHub gist (https://gist.github.com/smrx86/2008111b12ab47882b3928d0cbc9e415), which likely includes an exploit proof of concept and further technical analysis. Practitioners should check for firmware updates from Ruijie and, as interim measures, apply network segmentation or MQTT traffic filtering.
Details
- CWE(s)