Vulnerabilities related to commscope - ruckus_t350c
Vulnerability from fkie_nvd
Published
2025-07-21 15:15
Modified
2025-08-05 17:18
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where an authenticated request to the management endpoint `/admin/_cmdstat.jsp` discloses the administrator password in a trivially reversible obfuscated form. The same obfuscation method persists in configuration prior to 200.18.7.1.302, allowing anyone who obtains the system configuration to recover the plaintext credentials.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8933A8DB-2169-4969-857D-65FCC5A2687E",
              "versionEndExcluding": "200.15.6.212.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BF7ACF7-77A1-497E-991F-F8015017FF6B",
              "versionEndExcluding": "200.17.7.0.139",
              "versionStartIncluding": "200.17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruckuswireless:ruckus_zonedirector:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "31CEC229-C1CD-471D-93EC-BF4629393864",
              "versionEndExcluding": "10.5.1.0.279",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "84B1EC30-ACC3-4141-A149-F2C912AEDC2B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1CB277A-B51A-4EF6-9B60-26E42DB466A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EDE59EC-811F-4A5E-A4DE-C3289D8A049A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "37C8E333-5C44-44BB-842F-FCDA8D8D5831",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CABADA0-2CC3-4218-BE64-7014F21166CD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h550:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DC533A1-7998-4363-9D94-E1472F22DE87",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "75F9B4E2-6E5B-4C96-A46F-06450BB81E68",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_m510-jp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "028EEF4A-5A5B-4662-A5AA-B027EF66DF2B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r310:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BA2F043-9743-4FC9-AF74-20FAC503C2F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D165B27E-AA69-446F-916F-AF26E30510CA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r350:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BD23474-CBFE-4575-A2DA-431C0D74E2EE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r350e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "208776B7-AC2A-445F-A26F-5C072EFEED0E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB605D38-A71B-44FF-909D-D34348491EA8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r550:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D2D26C-E53C-41E2-9EB7-653CBF5A49E7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E547E2A0-86E7-438C-9602-A2ECB247A84C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3A5E2C5-E261-4FA6-AB5E-D651110C80CB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "44C800DC-82C3-4240-B2C0-18433FED4E3B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r670:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1677A804-8DE7-4191-8E84-9ADAE9E8269E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22845768-F360-46EC-BB48-2A68A4B6A2C8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89E38958-2FEB-4945-81E0-522BD1136D26",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D8F47E7-791A-44E8-A62C-B4D0F4AF80BD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2A5668-2EDB-4E93-A4FA-88FCBCC057B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r760:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "473AC82B-6A00-4076-A043-E4854DA09C3E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r770:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "554AE543-CC27-4109-9F0C-E17BF2A4E22F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r850:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E815A2-09BC-4FF8-B38C-8857E626ACA1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0777F3E0-7F95-49B4-B488-5550FF922E9E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23A4DF46-52A7-4F47-B9EB-8F3A1D0261DA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD0D8BF0-5736-44F7-8B9C-6BDCF97FF5C9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t350c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBCA0728-C62C-429B-ABA0-A8F853543A0F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t350d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDB7F8C-9DF1-47B4-8E82-95003744CC0B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B4ED697-139A-4679-85D5-3992DEA8BB44",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t610:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5F3A97-6FC5-4592-8304-43070120AA3A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t670:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACE01A53-D787-4240-BF0F-EDC8BF51D6D1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t710:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E23CE29C-210E-44C0-B4CF-01F2889B671D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t710s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD7A8265-2895-42FF-BF64-76C73CF67112",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "29911530-47EC-4865-9965-72D101827F1A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C83392A-1656-473F-9F08-C3CC89FDF3FA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t811-cm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C49E0DC-A33C-43F3-9278-5341C1842FA6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t811-cm_\\(non-sfp\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFDE6F6D-DC10-4C72-BDEC-0B1CB7DCCEA9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:zonedirector_1200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB4E62C-2532-41A9-9F1E-737D3E4DD008",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where an authenticated request to the management endpoint `/admin/_cmdstat.jsp` discloses the administrator password in a trivially reversible obfuscated form. The same obfuscation method persists in configuration prior to 200.18.7.1.302, allowing anyone who obtains the system configuration to recover the plaintext credentials."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en CommScope Ruckus Unleashed anterior a la versi\u00f3n 200.15.6.12.304, donde una solicitud autenticada al endpoint de administraci\u00f3n `/admin/_cmdstat.jsp` revela la contrase\u00f1a del administrador en una forma ofuscada f\u00e1cilmente reversible. El mismo m\u00e9todo de ofuscaci\u00f3n persiste en la configuraci\u00f3n anterior a la versi\u00f3n 200.18.7.1.302, lo que permite que cualquiera que obtenga la configuraci\u00f3n del sistema recupere las credenciales de texto plano."
    }
  ],
  "id": "CVE-2025-46119",
  "lastModified": "2025-08-05T17:18:27.460",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-07-21T15:15:28.047",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://support.ruckuswireless.com/security_bulletins/330"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-555"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-07-21 15:15
Modified
2025-08-05 17:18
Severity
9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a remote unauthenticated attacker who can upload a template (e.g., via FTP) to escalate privileges and run arbitrary template code on the controller.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8933A8DB-2169-4969-857D-65FCC5A2687E",
              "versionEndExcluding": "200.15.6.212.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BF7ACF7-77A1-497E-991F-F8015017FF6B",
              "versionEndExcluding": "200.17.7.0.139",
              "versionStartIncluding": "200.17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruckuswireless:ruckus_zonedirector:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "31CEC229-C1CD-471D-93EC-BF4629393864",
              "versionEndExcluding": "10.5.1.0.279",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "84B1EC30-ACC3-4141-A149-F2C912AEDC2B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1CB277A-B51A-4EF6-9B60-26E42DB466A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EDE59EC-811F-4A5E-A4DE-C3289D8A049A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "37C8E333-5C44-44BB-842F-FCDA8D8D5831",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CABADA0-2CC3-4218-BE64-7014F21166CD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h550:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DC533A1-7998-4363-9D94-E1472F22DE87",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "75F9B4E2-6E5B-4C96-A46F-06450BB81E68",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_m510-jp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "028EEF4A-5A5B-4662-A5AA-B027EF66DF2B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r310:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BA2F043-9743-4FC9-AF74-20FAC503C2F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D165B27E-AA69-446F-916F-AF26E30510CA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r350:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BD23474-CBFE-4575-A2DA-431C0D74E2EE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r350e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "208776B7-AC2A-445F-A26F-5C072EFEED0E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB605D38-A71B-44FF-909D-D34348491EA8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r550:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D2D26C-E53C-41E2-9EB7-653CBF5A49E7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E547E2A0-86E7-438C-9602-A2ECB247A84C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3A5E2C5-E261-4FA6-AB5E-D651110C80CB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "44C800DC-82C3-4240-B2C0-18433FED4E3B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r670:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1677A804-8DE7-4191-8E84-9ADAE9E8269E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22845768-F360-46EC-BB48-2A68A4B6A2C8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89E38958-2FEB-4945-81E0-522BD1136D26",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D8F47E7-791A-44E8-A62C-B4D0F4AF80BD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2A5668-2EDB-4E93-A4FA-88FCBCC057B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r760:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "473AC82B-6A00-4076-A043-E4854DA09C3E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r770:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "554AE543-CC27-4109-9F0C-E17BF2A4E22F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r850:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E815A2-09BC-4FF8-B38C-8857E626ACA1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0777F3E0-7F95-49B4-B488-5550FF922E9E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23A4DF46-52A7-4F47-B9EB-8F3A1D0261DA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD0D8BF0-5736-44F7-8B9C-6BDCF97FF5C9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t350c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBCA0728-C62C-429B-ABA0-A8F853543A0F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t350d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDB7F8C-9DF1-47B4-8E82-95003744CC0B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B4ED697-139A-4679-85D5-3992DEA8BB44",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t610:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5F3A97-6FC5-4592-8304-43070120AA3A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t670:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACE01A53-D787-4240-BF0F-EDC8BF51D6D1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t710:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E23CE29C-210E-44C0-B4CF-01F2889B671D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t710s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD7A8265-2895-42FF-BF64-76C73CF67112",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "29911530-47EC-4865-9965-72D101827F1A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C83392A-1656-473F-9F08-C3CC89FDF3FA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t811-cm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C49E0DC-A33C-43F3-9278-5341C1842FA6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t811-cm_\\(non-sfp\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFDE6F6D-DC10-4C72-BDEC-0B1CB7DCCEA9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:zonedirector_1200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB4E62C-2532-41A9-9F1E-737D3E4DD008",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a remote unauthenticated attacker who can upload a template (e.g., via FTP) to escalate privileges and run arbitrary template code on the controller."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en CommScope Ruckus Unleashed anterior a 200.14.6.1.203 y en Ruckus ZoneDirector, donde una falla de Path-Traversal en la interfaz web permite que el servidor ejecute plantillas EJS proporcionadas por el atacante fuera de los directorios permitidos, lo que permite que un atacante remoto no autenticado que puede cargar una plantilla (por ejemplo, a trav\u00e9s de FTP) escale privilegios y ejecute c\u00f3digo de plantilla arbitrario en el controlador."
    }
  ],
  "id": "CVE-2025-46120",
  "lastModified": "2025-08-05T17:18:32.627",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-07-21T15:15:28.157",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://support.ruckuswireless.com/security_bulletins/330"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-07-21 15:15
Modified
2025-08-05 17:18
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279, where hard-coded credentials for the ftpuser account provide FTP access to the controller, enabling a remote attacker to upload or retrieve arbitrary files from writable firmware directories and thereby expose sensitive information or compromise the controller.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8933A8DB-2169-4969-857D-65FCC5A2687E",
              "versionEndExcluding": "200.15.6.212.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BF7ACF7-77A1-497E-991F-F8015017FF6B",
              "versionEndExcluding": "200.17.7.0.139",
              "versionStartIncluding": "200.17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruckuswireless:ruckus_zonedirector:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "31CEC229-C1CD-471D-93EC-BF4629393864",
              "versionEndExcluding": "10.5.1.0.279",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "84B1EC30-ACC3-4141-A149-F2C912AEDC2B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1CB277A-B51A-4EF6-9B60-26E42DB466A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EDE59EC-811F-4A5E-A4DE-C3289D8A049A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "37C8E333-5C44-44BB-842F-FCDA8D8D5831",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CABADA0-2CC3-4218-BE64-7014F21166CD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h550:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DC533A1-7998-4363-9D94-E1472F22DE87",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "75F9B4E2-6E5B-4C96-A46F-06450BB81E68",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_m510-jp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "028EEF4A-5A5B-4662-A5AA-B027EF66DF2B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r310:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BA2F043-9743-4FC9-AF74-20FAC503C2F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D165B27E-AA69-446F-916F-AF26E30510CA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r350:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BD23474-CBFE-4575-A2DA-431C0D74E2EE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r350e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "208776B7-AC2A-445F-A26F-5C072EFEED0E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB605D38-A71B-44FF-909D-D34348491EA8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r550:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D2D26C-E53C-41E2-9EB7-653CBF5A49E7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E547E2A0-86E7-438C-9602-A2ECB247A84C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3A5E2C5-E261-4FA6-AB5E-D651110C80CB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "44C800DC-82C3-4240-B2C0-18433FED4E3B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r670:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1677A804-8DE7-4191-8E84-9ADAE9E8269E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22845768-F360-46EC-BB48-2A68A4B6A2C8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89E38958-2FEB-4945-81E0-522BD1136D26",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D8F47E7-791A-44E8-A62C-B4D0F4AF80BD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2A5668-2EDB-4E93-A4FA-88FCBCC057B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r760:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "473AC82B-6A00-4076-A043-E4854DA09C3E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r770:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "554AE543-CC27-4109-9F0C-E17BF2A4E22F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r850:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E815A2-09BC-4FF8-B38C-8857E626ACA1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0777F3E0-7F95-49B4-B488-5550FF922E9E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23A4DF46-52A7-4F47-B9EB-8F3A1D0261DA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD0D8BF0-5736-44F7-8B9C-6BDCF97FF5C9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t350c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBCA0728-C62C-429B-ABA0-A8F853543A0F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t350d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDB7F8C-9DF1-47B4-8E82-95003744CC0B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B4ED697-139A-4679-85D5-3992DEA8BB44",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t610:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5F3A97-6FC5-4592-8304-43070120AA3A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t670:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACE01A53-D787-4240-BF0F-EDC8BF51D6D1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t710:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E23CE29C-210E-44C0-B4CF-01F2889B671D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t710s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD7A8265-2895-42FF-BF64-76C73CF67112",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "29911530-47EC-4865-9965-72D101827F1A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C83392A-1656-473F-9F08-C3CC89FDF3FA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t811-cm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C49E0DC-A33C-43F3-9278-5341C1842FA6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t811-cm_\\(non-sfp\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFDE6F6D-DC10-4C72-BDEC-0B1CB7DCCEA9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:zonedirector_1200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB4E62C-2532-41A9-9F1E-737D3E4DD008",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279, where hard-coded credentials for the ftpuser account provide FTP access to the controller, enabling a remote attacker to upload or retrieve arbitrary files from writable firmware directories and thereby expose sensitive information or compromise the controller."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en CommScope Ruckus Unleashed anterior a 200.15.6.212.14 y 200.17.7.0.139 y en Ruckus ZoneDirector anterior a 10.5.1.0.279, donde las credenciales codificadas para la cuenta ftpuser proporcionan acceso FTP al controlador, lo que permite a un atacante remoto cargar o recuperar archivos arbitrarios de directorios de firmware escribibles y, de ese modo, exponer informaci\u00f3n confidencial o comprometer el controlador."
    }
  ],
  "id": "CVE-2025-46118",
  "lastModified": "2025-08-05T17:18:10.250",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-07-21T15:15:27.940",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://support.ruckuswireless.com/security_bulletins/330"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-07-21 15:15
Modified
2025-08-05 17:18
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the functions `stamgr_cfg_adpt_addStaFavourite` and `stamgr_cfg_adpt_addStaIot` pass a client hostname directly to snprintf as the format string. A remote attacker can exploit this flaw either by sending a crafted request to the authenticated endpoint `/admin/_conf.jsp` or, without authentication and without direct network access to the controller, by spoofing the MAC address of a favourite station and embedding malicious format specifiers in the DHCP hostname field, resulting in unauthenticated format-string processing and arbitrary code execution on the controller.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8933A8DB-2169-4969-857D-65FCC5A2687E",
              "versionEndExcluding": "200.15.6.212.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BF7ACF7-77A1-497E-991F-F8015017FF6B",
              "versionEndExcluding": "200.17.7.0.139",
              "versionStartIncluding": "200.17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruckuswireless:ruckus_zonedirector:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "31CEC229-C1CD-471D-93EC-BF4629393864",
              "versionEndExcluding": "10.5.1.0.279",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "84B1EC30-ACC3-4141-A149-F2C912AEDC2B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1CB277A-B51A-4EF6-9B60-26E42DB466A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EDE59EC-811F-4A5E-A4DE-C3289D8A049A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "37C8E333-5C44-44BB-842F-FCDA8D8D5831",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CABADA0-2CC3-4218-BE64-7014F21166CD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h550:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DC533A1-7998-4363-9D94-E1472F22DE87",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "75F9B4E2-6E5B-4C96-A46F-06450BB81E68",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_m510-jp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "028EEF4A-5A5B-4662-A5AA-B027EF66DF2B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r310:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BA2F043-9743-4FC9-AF74-20FAC503C2F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D165B27E-AA69-446F-916F-AF26E30510CA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r350:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BD23474-CBFE-4575-A2DA-431C0D74E2EE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r350e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "208776B7-AC2A-445F-A26F-5C072EFEED0E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB605D38-A71B-44FF-909D-D34348491EA8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r550:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D2D26C-E53C-41E2-9EB7-653CBF5A49E7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E547E2A0-86E7-438C-9602-A2ECB247A84C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3A5E2C5-E261-4FA6-AB5E-D651110C80CB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "44C800DC-82C3-4240-B2C0-18433FED4E3B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r670:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1677A804-8DE7-4191-8E84-9ADAE9E8269E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22845768-F360-46EC-BB48-2A68A4B6A2C8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89E38958-2FEB-4945-81E0-522BD1136D26",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D8F47E7-791A-44E8-A62C-B4D0F4AF80BD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2A5668-2EDB-4E93-A4FA-88FCBCC057B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r760:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "473AC82B-6A00-4076-A043-E4854DA09C3E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r770:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "554AE543-CC27-4109-9F0C-E17BF2A4E22F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r850:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E815A2-09BC-4FF8-B38C-8857E626ACA1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0777F3E0-7F95-49B4-B488-5550FF922E9E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23A4DF46-52A7-4F47-B9EB-8F3A1D0261DA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD0D8BF0-5736-44F7-8B9C-6BDCF97FF5C9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t350c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBCA0728-C62C-429B-ABA0-A8F853543A0F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t350d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDB7F8C-9DF1-47B4-8E82-95003744CC0B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B4ED697-139A-4679-85D5-3992DEA8BB44",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t610:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5F3A97-6FC5-4592-8304-43070120AA3A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t670:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACE01A53-D787-4240-BF0F-EDC8BF51D6D1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t710:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E23CE29C-210E-44C0-B4CF-01F2889B671D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t710s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD7A8265-2895-42FF-BF64-76C73CF67112",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "29911530-47EC-4865-9965-72D101827F1A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C83392A-1656-473F-9F08-C3CC89FDF3FA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t811-cm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C49E0DC-A33C-43F3-9278-5341C1842FA6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t811-cm_\\(non-sfp\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFDE6F6D-DC10-4C72-BDEC-0B1CB7DCCEA9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:zonedirector_1200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB4E62C-2532-41A9-9F1E-737D3E4DD008",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the functions `stamgr_cfg_adpt_addStaFavourite` and `stamgr_cfg_adpt_addStaIot` pass a client hostname directly to snprintf as the format string. A remote attacker can exploit this flaw either by sending a crafted request to the authenticated endpoint `/admin/_conf.jsp`, or without authentication and without direct network access to the controller by spoofing the MAC address of a favourite station and embedding malicious format specifiers in the DHCP hostname field, resulting in unauthenticated format-string processing and arbitrary code execution on the controller."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en CommScope Ruckus Unleashed anterior a 200.15.6.212.14 y 200.17.7.0.139, donde las funciones `stamgr_cfg_adpt_addStaFavourite` y `stamgr_cfg_adpt_addStaIot` pasan el nombre de host de un cliente directamente a snprintf como cadena de formato. Un atacante remoto puede explotar esta vulnerabilidad enviando una solicitud manipulada al endpoint autenticado `/admin/_conf.jsp`, o sin autenticaci\u00f3n y sin acceso directo al controlador de red, falsificando la direcci\u00f3n MAC de una estaci\u00f3n favorita e incrustando especificadores de formato maliciosos en el campo de nombre de host DHCP, lo que resulta en el procesamiento no autenticado de la cadena de formato y la ejecuci\u00f3n de c\u00f3digo arbitrario en el controlador."
    }
  ],
  "id": "CVE-2025-46121",
  "lastModified": "2025-08-05T17:18:43.993",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-07-21T15:15:28.270",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://support.ruckuswireless.com/security_bulletins/330"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-134"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-07-21 15:15
Modified
2025-08-05 17:17
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command `!v54!` via a management API call and then invoke it to escape the restricted shell and obtain a root shell on the controller.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8933A8DB-2169-4969-857D-65FCC5A2687E",
              "versionEndExcluding": "200.15.6.212.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BF7ACF7-77A1-497E-991F-F8015017FF6B",
              "versionEndExcluding": "200.17.7.0.139",
              "versionStartIncluding": "200.17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruckuswireless:ruckus_zonedirector:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "31CEC229-C1CD-471D-93EC-BF4629393864",
              "versionEndExcluding": "10.5.1.0.279",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "84B1EC30-ACC3-4141-A149-F2C912AEDC2B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1CB277A-B51A-4EF6-9B60-26E42DB466A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EDE59EC-811F-4A5E-A4DE-C3289D8A049A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "37C8E333-5C44-44BB-842F-FCDA8D8D5831",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CABADA0-2CC3-4218-BE64-7014F21166CD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h550:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DC533A1-7998-4363-9D94-E1472F22DE87",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "75F9B4E2-6E5B-4C96-A46F-06450BB81E68",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_m510-jp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "028EEF4A-5A5B-4662-A5AA-B027EF66DF2B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r310:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BA2F043-9743-4FC9-AF74-20FAC503C2F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D165B27E-AA69-446F-916F-AF26E30510CA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r350:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BD23474-CBFE-4575-A2DA-431C0D74E2EE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r350e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "208776B7-AC2A-445F-A26F-5C072EFEED0E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB605D38-A71B-44FF-909D-D34348491EA8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r550:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D2D26C-E53C-41E2-9EB7-653CBF5A49E7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E547E2A0-86E7-438C-9602-A2ECB247A84C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3A5E2C5-E261-4FA6-AB5E-D651110C80CB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "44C800DC-82C3-4240-B2C0-18433FED4E3B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r670:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1677A804-8DE7-4191-8E84-9ADAE9E8269E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22845768-F360-46EC-BB48-2A68A4B6A2C8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89E38958-2FEB-4945-81E0-522BD1136D26",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D8F47E7-791A-44E8-A62C-B4D0F4AF80BD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2A5668-2EDB-4E93-A4FA-88FCBCC057B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r760:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "473AC82B-6A00-4076-A043-E4854DA09C3E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r770:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "554AE543-CC27-4109-9F0C-E17BF2A4E22F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r850:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E815A2-09BC-4FF8-B38C-8857E626ACA1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0777F3E0-7F95-49B4-B488-5550FF922E9E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23A4DF46-52A7-4F47-B9EB-8F3A1D0261DA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD0D8BF0-5736-44F7-8B9C-6BDCF97FF5C9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t350c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBCA0728-C62C-429B-ABA0-A8F853543A0F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t350d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDB7F8C-9DF1-47B4-8E82-95003744CC0B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B4ED697-139A-4679-85D5-3992DEA8BB44",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t610:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5F3A97-6FC5-4592-8304-43070120AA3A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t670:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACE01A53-D787-4240-BF0F-EDC8BF51D6D1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t710:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E23CE29C-210E-44C0-B4CF-01F2889B671D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t710s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD7A8265-2895-42FF-BF64-76C73CF67112",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "29911530-47EC-4865-9965-72D101827F1A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C83392A-1656-473F-9F08-C3CC89FDF3FA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t811-cm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C49E0DC-A33C-43F3-9278-5341C1842FA6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t811-cm_\\(non-sfp\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFDE6F6D-DC10-4C72-BDEC-0B1CB7DCCEA9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:zonedirector_1200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB4E62C-2532-41A9-9F1E-737D3E4DD008",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command `!v54!` via a management API call and then invoke it to escape the restricted shell and obtain a root shell on the controller."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en CommScope Ruckus Unleashed anterior a 200.15.6.212.14 y 200.17.7.0.139, y en Ruckus ZoneDirector anterior a 10.5.1.0.279, donde un atacante autenticado puede deshabilitar el requisito de contrase\u00f1a para un comando CLI oculto `!v54!` a trav\u00e9s de una llamada a la API de administraci\u00f3n y luego invocarlo para escapar del shell restringido y obtener un shell root en el controlador."
    }
  ],
  "id": "CVE-2025-46116",
  "lastModified": "2025-08-05T17:17:40.227",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-07-21T15:15:27.690",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://support.ruckuswireless.com/security_bulletins/330"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-250"
        },
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-07-21 15:15
Modified
2025-08-05 17:18
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where the authenticated configuration endpoint `/admin/_conf.jsp` writes the Wi-Fi guest password to memory with snprintf using the attacker-supplied value as the format string; a crafted password therefore triggers uncontrolled format-string processing and enables remote code execution on the controller.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8933A8DB-2169-4969-857D-65FCC5A2687E",
              "versionEndExcluding": "200.15.6.212.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BF7ACF7-77A1-497E-991F-F8015017FF6B",
              "versionEndExcluding": "200.17.7.0.139",
              "versionStartIncluding": "200.17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruckuswireless:ruckus_zonedirector:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "31CEC229-C1CD-471D-93EC-BF4629393864",
              "versionEndExcluding": "10.5.1.0.279",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "84B1EC30-ACC3-4141-A149-F2C912AEDC2B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1CB277A-B51A-4EF6-9B60-26E42DB466A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EDE59EC-811F-4A5E-A4DE-C3289D8A049A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "37C8E333-5C44-44BB-842F-FCDA8D8D5831",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CABADA0-2CC3-4218-BE64-7014F21166CD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h550:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DC533A1-7998-4363-9D94-E1472F22DE87",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "75F9B4E2-6E5B-4C96-A46F-06450BB81E68",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_m510-jp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "028EEF4A-5A5B-4662-A5AA-B027EF66DF2B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r310:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BA2F043-9743-4FC9-AF74-20FAC503C2F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D165B27E-AA69-446F-916F-AF26E30510CA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r350:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BD23474-CBFE-4575-A2DA-431C0D74E2EE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r350e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "208776B7-AC2A-445F-A26F-5C072EFEED0E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB605D38-A71B-44FF-909D-D34348491EA8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r550:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D2D26C-E53C-41E2-9EB7-653CBF5A49E7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E547E2A0-86E7-438C-9602-A2ECB247A84C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3A5E2C5-E261-4FA6-AB5E-D651110C80CB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "44C800DC-82C3-4240-B2C0-18433FED4E3B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r670:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1677A804-8DE7-4191-8E84-9ADAE9E8269E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22845768-F360-46EC-BB48-2A68A4B6A2C8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89E38958-2FEB-4945-81E0-522BD1136D26",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D8F47E7-791A-44E8-A62C-B4D0F4AF80BD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2A5668-2EDB-4E93-A4FA-88FCBCC057B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r760:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "473AC82B-6A00-4076-A043-E4854DA09C3E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r770:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "554AE543-CC27-4109-9F0C-E17BF2A4E22F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r850:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E815A2-09BC-4FF8-B38C-8857E626ACA1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0777F3E0-7F95-49B4-B488-5550FF922E9E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23A4DF46-52A7-4F47-B9EB-8F3A1D0261DA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD0D8BF0-5736-44F7-8B9C-6BDCF97FF5C9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t350c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBCA0728-C62C-429B-ABA0-A8F853543A0F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t350d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDB7F8C-9DF1-47B4-8E82-95003744CC0B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B4ED697-139A-4679-85D5-3992DEA8BB44",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t610:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5F3A97-6FC5-4592-8304-43070120AA3A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t670:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACE01A53-D787-4240-BF0F-EDC8BF51D6D1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t710:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E23CE29C-210E-44C0-B4CF-01F2889B671D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t710s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD7A8265-2895-42FF-BF64-76C73CF67112",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "29911530-47EC-4865-9965-72D101827F1A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C83392A-1656-473F-9F08-C3CC89FDF3FA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t811-cm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C49E0DC-A33C-43F3-9278-5341C1842FA6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t811-cm_\\(non-sfp\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFDE6F6D-DC10-4C72-BDEC-0B1CB7DCCEA9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:zonedirector_1200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB4E62C-2532-41A9-9F1E-737D3E4DD008",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where the authenticated configuration endpoint `/admin/_conf.jsp` writes the Wi-Fi guest password to memory with snprintf using the attacker-supplied value as the format string; a crafted password therefore triggers uncontrolled format-string processing and enables remote code execution on the controller."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en CommScope Ruckus Unleashed anterior a 200.15.6.212.14 y 200.17.7.0.139, y en Ruckus ZoneDirector anterior a 10.5.1.0.279, donde el endpoint de configuraci\u00f3n autenticado `/admin/_conf.jsp` escribe la contrase\u00f1a de invitado de Wi-Fi en la memoria con snprintf usando el valor proporcionado por el atacante como cadena de formato; por lo tanto, una contrase\u00f1a manipulada desencadena un procesamiento descontrolado de la cadena de formato y permite la ejecuci\u00f3n remota de c\u00f3digo en el controlador."
    }
  ],
  "id": "CVE-2025-46123",
  "lastModified": "2025-08-05T17:18:56.067",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-07-21T15:15:28.500",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://support.ruckuswireless.com/security_bulletins/330"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-134"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-07-21 15:15
Modified
2025-08-05 17:18
Summary
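An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticated diagnostics API endpoint `/admin/_cmdstat.jsp` passes attacker-controlled input to the shell without adequate validation, enabling a remote attacker to specify a target by MAC address and execute arbitrary commands as root. Note: this description names only Unleashed, but the CPE configuration in the record below also marks Ruckus ZoneDirector prior to 10.5.1.0.279 as vulnerable; confirm ZoneDirector exposure against the vendor bulletin listed in the references.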



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8933A8DB-2169-4969-857D-65FCC5A2687E",
              "versionEndExcluding": "200.15.6.212.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BF7ACF7-77A1-497E-991F-F8015017FF6B",
              "versionEndExcluding": "200.17.7.0.139",
              "versionStartIncluding": "200.17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruckuswireless:ruckus_zonedirector:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "31CEC229-C1CD-471D-93EC-BF4629393864",
              "versionEndExcluding": "10.5.1.0.279",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "84B1EC30-ACC3-4141-A149-F2C912AEDC2B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1CB277A-B51A-4EF6-9B60-26E42DB466A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EDE59EC-811F-4A5E-A4DE-C3289D8A049A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "37C8E333-5C44-44BB-842F-FCDA8D8D5831",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CABADA0-2CC3-4218-BE64-7014F21166CD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h550:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DC533A1-7998-4363-9D94-E1472F22DE87",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "75F9B4E2-6E5B-4C96-A46F-06450BB81E68",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_m510-jp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "028EEF4A-5A5B-4662-A5AA-B027EF66DF2B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r310:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BA2F043-9743-4FC9-AF74-20FAC503C2F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D165B27E-AA69-446F-916F-AF26E30510CA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r350:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BD23474-CBFE-4575-A2DA-431C0D74E2EE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r350e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "208776B7-AC2A-445F-A26F-5C072EFEED0E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB605D38-A71B-44FF-909D-D34348491EA8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r550:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D2D26C-E53C-41E2-9EB7-653CBF5A49E7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E547E2A0-86E7-438C-9602-A2ECB247A84C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3A5E2C5-E261-4FA6-AB5E-D651110C80CB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "44C800DC-82C3-4240-B2C0-18433FED4E3B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r670:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1677A804-8DE7-4191-8E84-9ADAE9E8269E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22845768-F360-46EC-BB48-2A68A4B6A2C8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89E38958-2FEB-4945-81E0-522BD1136D26",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D8F47E7-791A-44E8-A62C-B4D0F4AF80BD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2A5668-2EDB-4E93-A4FA-88FCBCC057B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r760:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "473AC82B-6A00-4076-A043-E4854DA09C3E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r770:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "554AE543-CC27-4109-9F0C-E17BF2A4E22F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r850:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E815A2-09BC-4FF8-B38C-8857E626ACA1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0777F3E0-7F95-49B4-B488-5550FF922E9E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23A4DF46-52A7-4F47-B9EB-8F3A1D0261DA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD0D8BF0-5736-44F7-8B9C-6BDCF97FF5C9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t350c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBCA0728-C62C-429B-ABA0-A8F853543A0F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t350d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDB7F8C-9DF1-47B4-8E82-95003744CC0B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B4ED697-139A-4679-85D5-3992DEA8BB44",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t610:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5F3A97-6FC5-4592-8304-43070120AA3A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t670:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACE01A53-D787-4240-BF0F-EDC8BF51D6D1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t710:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E23CE29C-210E-44C0-B4CF-01F2889B671D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t710s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD7A8265-2895-42FF-BF64-76C73CF67112",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "29911530-47EC-4865-9965-72D101827F1A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C83392A-1656-473F-9F08-C3CC89FDF3FA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t811-cm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C49E0DC-A33C-43F3-9278-5341C1842FA6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t811-cm_\\(non-sfp\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFDE6F6D-DC10-4C72-BDEC-0B1CB7DCCEA9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:zonedirector_1200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB4E62C-2532-41A9-9F1E-737D3E4DD008",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticated diagnostics API endpoint `/admin/_cmdstat.jsp` passes attacker-controlled input to the shell without adequate validation, enabling a remote attacker to specify a target by MAC address and execute arbitrary commands as root."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en CommScope Ruckus Unleashed anterior a 200.15.6.212.14 y 200.17.7.0.139, donde el endpoint de la API de diagn\u00f3stico autenticado `/admin/_cmdstat.jsp` pasa la entrada controlada por el atacante al shell sin la validaci\u00f3n adecuada, lo que permite a un atacante remoto especificar un objetivo por direcci\u00f3n MAC y ejecutar comandos arbitrarios como root."
    }
  ],
  "id": "CVE-2025-46122",
  "lastModified": "2025-08-05T17:18:47.920",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 6.0,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-07-21T15:15:28.390",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://support.ruckuswireless.com/security_bulletins/330"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-07-21 15:15
Modified
2025-08-05 17:17
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where a hidden debug script `.ap_debug.sh` invoked from the restricted CLI does not properly sanitize its input, allowing an authenticated attacker to execute arbitrary commands as root on the controller or specified target.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8933A8DB-2169-4969-857D-65FCC5A2687E",
              "versionEndExcluding": "200.15.6.212.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BF7ACF7-77A1-497E-991F-F8015017FF6B",
              "versionEndExcluding": "200.17.7.0.139",
              "versionStartIncluding": "200.17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruckuswireless:ruckus_zonedirector:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "31CEC229-C1CD-471D-93EC-BF4629393864",
              "versionEndExcluding": "10.5.1.0.279",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "84B1EC30-ACC3-4141-A149-F2C912AEDC2B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1CB277A-B51A-4EF6-9B60-26E42DB466A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EDE59EC-811F-4A5E-A4DE-C3289D8A049A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "37C8E333-5C44-44BB-842F-FCDA8D8D5831",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CABADA0-2CC3-4218-BE64-7014F21166CD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h550:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DC533A1-7998-4363-9D94-E1472F22DE87",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "75F9B4E2-6E5B-4C96-A46F-06450BB81E68",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_m510-jp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "028EEF4A-5A5B-4662-A5AA-B027EF66DF2B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r310:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BA2F043-9743-4FC9-AF74-20FAC503C2F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D165B27E-AA69-446F-916F-AF26E30510CA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r350:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BD23474-CBFE-4575-A2DA-431C0D74E2EE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r350e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "208776B7-AC2A-445F-A26F-5C072EFEED0E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB605D38-A71B-44FF-909D-D34348491EA8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r550:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D2D26C-E53C-41E2-9EB7-653CBF5A49E7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E547E2A0-86E7-438C-9602-A2ECB247A84C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3A5E2C5-E261-4FA6-AB5E-D651110C80CB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "44C800DC-82C3-4240-B2C0-18433FED4E3B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r670:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1677A804-8DE7-4191-8E84-9ADAE9E8269E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22845768-F360-46EC-BB48-2A68A4B6A2C8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89E38958-2FEB-4945-81E0-522BD1136D26",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D8F47E7-791A-44E8-A62C-B4D0F4AF80BD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2A5668-2EDB-4E93-A4FA-88FCBCC057B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r760:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "473AC82B-6A00-4076-A043-E4854DA09C3E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r770:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "554AE543-CC27-4109-9F0C-E17BF2A4E22F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r850:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E815A2-09BC-4FF8-B38C-8857E626ACA1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0777F3E0-7F95-49B4-B488-5550FF922E9E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23A4DF46-52A7-4F47-B9EB-8F3A1D0261DA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD0D8BF0-5736-44F7-8B9C-6BDCF97FF5C9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t350c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBCA0728-C62C-429B-ABA0-A8F853543A0F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t350d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDB7F8C-9DF1-47B4-8E82-95003744CC0B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B4ED697-139A-4679-85D5-3992DEA8BB44",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t610:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5F3A97-6FC5-4592-8304-43070120AA3A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t670:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACE01A53-D787-4240-BF0F-EDC8BF51D6D1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t710:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E23CE29C-210E-44C0-B4CF-01F2889B671D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t710s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD7A8265-2895-42FF-BF64-76C73CF67112",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "29911530-47EC-4865-9965-72D101827F1A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C83392A-1656-473F-9F08-C3CC89FDF3FA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t811-cm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C49E0DC-A33C-43F3-9278-5341C1842FA6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t811-cm_\\(non-sfp\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFDE6F6D-DC10-4C72-BDEC-0B1CB7DCCEA9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:zonedirector_1200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB4E62C-2532-41A9-9F1E-737D3E4DD008",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where a hidden debug script `.ap_debug.sh` invoked from the restricted CLI does not properly sanitize its input, allowing an authenticated attacker to execute arbitrary commands as root on the controller or specified target."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en CommScope Ruckus Unleashed anterior a 200.15.6.212.14 y 200.17.7.0.139, y en Ruckus ZoneDirector anterior a 10.5.1.0.279, donde un script de depuraci\u00f3n oculto `.ap_debug.sh` invocado desde la CLI no depura correctamente su entrada, lo que permite que un atacante autenticado ejecute comandos arbitrarios como root en el controlador o el objetivo especificado."
    }
  ],
  "id": "CVE-2025-46117",
  "lastModified": "2025-08-05T17:17:58.943",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 6.0,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-07-21T15:15:27.823",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://support.ruckuswireless.com/security_bulletins/330"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CVE-2025-46122 (GCVE-0-2025-46122)
Vulnerability from cvelistv5
Published
2025-07-21 00:00
Modified
2025-07-23 17:16
Severity ?
CWE
  • n/a
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticated diagnostics API endpoint `/admin/_cmdstat.jsp` passes attacker-controlled input to the shell without adequate validation, enabling a remote attacker to specify a target by MAC address and execute arbitrary commands as root.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-46122",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-23T17:15:07.246569Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-77",
                "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-23T17:16:46.566Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticated diagnostics API endpoint `/admin/_cmdstat.jsp` passes attacker-controlled input to the shell without adequate validation, enabling a remote attacker to specify a target by MAC address and execute arbitrary commands as root."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-22T16:58:27.395Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://support.ruckuswireless.com/security_bulletins/330"
        },
        {
          "url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-46122",
    "datePublished": "2025-07-21T00:00:00.000Z",
    "dateReserved": "2025-04-22T00:00:00.000Z",
    "dateUpdated": "2025-07-23T17:16:46.566Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-46120 (GCVE-0-2025-46120)
Vulnerability from cvelistv5
Published
2025-07-21 00:00
Modified
2025-07-23 17:18
Severity ?
CWE
  • n/a
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a remote unauthenticated attacker who can upload a template (e.g., via FTP) to escalate privileges and run arbitrary template code on the controller.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-46120",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-23T17:18:14.778084Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-22",
                "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-23T17:18:49.943Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a remote unauthenticated attacker who can upload a template (e.g., via FTP) to escalate privileges and run arbitrary template code on the controller."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-22T16:57:05.024Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://support.ruckuswireless.com/security_bulletins/330"
        },
        {
          "url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-46120",
    "datePublished": "2025-07-21T00:00:00.000Z",
    "dateReserved": "2025-04-22T00:00:00.000Z",
    "dateUpdated": "2025-07-23T17:18:49.943Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-46119 (GCVE-0-2025-46119)
Vulnerability from cvelistv5
Published
2025-07-21 00:00
Modified
2025-07-23 17:19
CWE
  • n/a
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where an authenticated request to the management endpoint `/admin/_cmdstat.jsp` discloses the administrator password in a trivially reversible obfuscated form. The same obfuscation method persists in configuration prior to 200.18.7.1.302, allowing anyone who obtains the system configuration to recover the plaintext credentials.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 6.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-46119",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-23T17:19:14.851128Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-555",
                "description": "CWE-555 J2EE Misconfiguration: Plaintext Password in Configuration File",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-23T17:19:32.729Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where an authenticated request to the management endpoint `/admin/_cmdstat.jsp` discloses the administrator password in a trivially reversible obfuscated form. The same obfuscation method persists in configuration prior to 200.18.7.1.302, allowing anyone who obtains the system configuration to recover the plaintext credentials."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-22T17:21:04.737Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://support.ruckuswireless.com/security_bulletins/330"
        },
        {
          "url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-46119",
    "datePublished": "2025-07-21T00:00:00.000Z",
    "dateReserved": "2025-04-22T00:00:00.000Z",
    "dateUpdated": "2025-07-23T17:19:32.729Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-46117 (GCVE-0-2025-46117)
Vulnerability from cvelistv5
Published
2025-07-21 00:00
Modified
2025-07-23 17:21
Severity ?
CWE
  • n/a
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where a hidden debug script `.ap_debug.sh` invoked from the restricted CLI does not properly sanitize its input, allowing an authenticated attacker to execute arbitrary commands as root on the controller or specified target.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-46117",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-21T19:48:58.503501Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-78",
                "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-23T17:21:00.524Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where a hidden debug script `.ap_debug.sh` invoked from the restricted CLI does not properly sanitize its input, allowing an authenticated attacker to execute arbitrary commands as root on the controller or specified target."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-22T16:54:53.429Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://support.ruckuswireless.com/security_bulletins/330"
        },
        {
          "url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-46117",
    "datePublished": "2025-07-21T00:00:00.000Z",
    "dateReserved": "2025-04-22T00:00:00.000Z",
    "dateUpdated": "2025-07-23T17:21:00.524Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-46116 (GCVE-0-2025-46116)
Vulnerability from cvelistv5
Published
2025-07-21 00:00
Modified
2025-07-22 16:53
CWE
  • n/a
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command `!v54!` via a management API call and then invoke it to escape the restricted shell and obtain a root shell on the controller.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-46116",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-21T18:13:04.116393Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-250",
                "description": "CWE-250 Execution with Unnecessary Privileges",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-269",
                "description": "CWE-269 Improper Privilege Management",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-21T18:15:55.668Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command `!v54!` via a management API call and then invoke it to escape the restricted shell and obtain a root shell on the controller."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-22T16:53:31.177Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://support.ruckuswireless.com/security_bulletins/330"
        },
        {
          "url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-46116",
    "datePublished": "2025-07-21T00:00:00.000Z",
    "dateReserved": "2025-04-22T00:00:00.000Z",
    "dateUpdated": "2025-07-22T16:53:31.177Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-46121 (GCVE-0-2025-46121)
Vulnerability from cvelistv5
Published
2025-07-21 00:00
Modified
2025-07-28 19:42
Severity ?
CWE
  • n/a
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the functions `stamgr_cfg_adpt_addStaFavourite` and `stamgr_cfg_adpt_addStaIot` pass a client hostname directly to snprintf as the format string. A remote attacker can exploit this flaw either by sending a crafted request to the authenticated endpoint `/admin/_conf.jsp`, or without authentication and without direct network access to the controller by spoofing the MAC address of a favourite station and embedding malicious format specifiers in the DHCP hostname field, resulting in unauthenticated format-string processing and arbitrary code execution on the controller.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-46121",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-28T19:42:03.326491Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-134",
                "description": "CWE-134 Use of Externally-Controlled Format String",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-28T19:42:06.394Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the functions `stamgr_cfg_adpt_addStaFavourite` and `stamgr_cfg_adpt_addStaIot` pass a client hostname directly to snprintf as the format string. A remote attacker can exploit this flaw either by sending a crafted request to the authenticated endpoint `/admin/_conf.jsp`, or without authentication and without direct network access to the controller by spoofing the MAC address of a favourite station and embedding malicious format specifiers in the DHCP hostname field, resulting in unauthenticated format-string processing and arbitrary code execution on the controller."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-22T16:57:53.429Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://support.ruckuswireless.com/security_bulletins/330"
        },
        {
          "url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-46121",
    "datePublished": "2025-07-21T00:00:00.000Z",
    "dateReserved": "2025-04-22T00:00:00.000Z",
    "dateUpdated": "2025-07-28T19:42:06.394Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-46118 (GCVE-0-2025-46118)
Vulnerability from cvelistv5
Published
2025-07-21 00:00
Modified
2025-07-28 19:37
CWE
  • n/a in the CNA record; the CISA-ADP container lists CWE-284 (Improper Access Control)
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279, where hard-coded credentials for the ftpuser account provide FTP access to the controller, enabling a remote attacker to upload or retrieve arbitrary files from writable firmware directories and thereby expose sensitive information or compromise the controller.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-46118",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-23T17:19:55.464493Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-284",
                "description": "CWE-284 Improper Access Control",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-28T19:37:41.834Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279, where hard-coded credentials for the ftpuser account provide FTP access to the controller, enabling a remote attacker to upload or retrieve arbitrary files from writable firmware directories and thereby expose sensitive information or compromise the controller."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-22T16:55:41.942Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://support.ruckuswireless.com/security_bulletins/330"
        },
        {
          "url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-46118",
    "datePublished": "2025-07-21T00:00:00.000Z",
    "dateReserved": "2025-04-22T00:00:00.000Z",
    "dateUpdated": "2025-07-28T19:37:41.834Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-46123 (GCVE-0-2025-46123)
Vulnerability from cvelistv5
Published
2025-07-21 00:00
Modified
2025-07-24 20:25
CWE
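  • n/a in the CNA record; the CISA-ADP container lists CWE-134 (Use of Externally-Controlled Format String)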
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where the authenticated configuration endpoint `/admin/_conf.jsp` writes the Wi-Fi guest password to memory with snprintf using the attacker-supplied value as the format string; a crafted password therefore triggers uncontrolled format-string processing and enables remote code execution on the controller.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.2,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-46123",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-24T20:24:11.597336Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-134",
                "description": "CWE-134 Use of Externally-Controlled Format String",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-24T20:25:38.729Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where the authenticated configuration endpoint `/admin/_conf.jsp` writes the Wi-Fi guest password to memory with snprintf using the attacker-supplied value as the format string; a crafted password therefore triggers uncontrolled format-string processing and enables remote code execution on the controller."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-22T16:59:04.302Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://support.ruckuswireless.com/security_bulletins/330"
        },
        {
          "url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-46123",
    "datePublished": "2025-07-21T00:00:00.000Z",
    "dateReserved": "2025-04-22T00:00:00.000Z",
    "dateUpdated": "2025-07-24T20:25:38.729Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}