QwikSec

Security Database

CVE

CWE

Training

CVE-2023-53881

Published: Dec 15, 2025

Modified: Apr 7, 2026

PUBLISHED

Description

ReyeeOS 1.204.1614 contains an unencrypted CWMP communication vulnerability that allows attackers to intercept and manipulate device communication through a man-in-the-middle attack. Attackers can create a fake CWMP server to inject and execute arbitrary commands on Ruijie Reyee Cloud devices by exploiting the unprotected HTTP polling requests.

Vendor	Product	Versions
Ruijie	ReyeeOS	affected `1.204.1614`

Weaknesses (CWE)

References

ExploitDB-51642

exploit

Ruijie Networks Vendor Hompage

product

VulnCheck Advisory: ReyeeOS 1.204.1614 Man-in-the-Middle Remote Code Execution via CWMP

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.