Vulnerabilites related to commscope - ruckus_t750
Vulnerability from fkie_nvd
Published
2025-08-04 17:15
Modified
2025-08-07 17:59
Severity ?
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://claroty.com/team82/disclosure-dashboard/cve-2025-44960 | Third Party Advisory | |
| cve@mitre.org | https://kb.cert.org/vuls/id/613753 | Third Party Advisory, US Government Resource | |
| cve@mitre.org | https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+20250710/225f44ac3bd311f095821adcaa92e24e | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44F784A1-3FFC-4D0D-AA1C-79FC658C3427",
"versionEndExcluding": "6.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:6.1.2:-:*:*:*:*:*:*",
"matchCriteriaId": "03388446-4CF1-44E7-B065-C2757F1FB268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:6.1.2:p2:*:*:*:*:*:*",
"matchCriteriaId": "E24AB619-53C8-4D85-B7F4-3DD539CE4423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:6.1.2:p3:*:*:*:*:*:*",
"matchCriteriaId": "C27F9A43-95AD-447E-AA4F-1E76AEC465B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A03C572-D1A0-4C4A-A57B-6A7272A656CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "656A9814-B5F2-40C7-BC9E-E3F94873955E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:commscope:ruckus_virtual_smartzone:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4279B64A-E14F-4C35-833E-1BE754BA938A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:commscope:ruckus_virtual_smartzone-federal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5F3960-145C-4263-9758-7E8F23697728",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84B1EC30-ACC3-4141-A149-F2C912AEDC2B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CB277A-B51A-4EF6-9B60-26E42DB466A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EDE59EC-811F-4A5E-A4DE-C3289D8A049A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37C8E333-5C44-44BB-842F-FCDA8D8D5831",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CABADA0-2CC3-4218-BE64-7014F21166CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75F9B4E2-6E5B-4C96-A46F-06450BB81E68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D165B27E-AA69-446F-916F-AF26E30510CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB605D38-A71B-44FF-909D-D34348491EA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E547E2A0-86E7-438C-9602-A2ECB247A84C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3A5E2C5-E261-4FA6-AB5E-D651110C80CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22845768-F360-46EC-BB48-2A68A4B6A2C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89E38958-2FEB-4945-81E0-522BD1136D26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D8F47E7-791A-44E8-A62C-B4D0F4AF80BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2A5668-2EDB-4E93-A4FA-88FCBCC057B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47D9D0D-0FB1-4E47-9249-A82EC9581198",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_100-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C02B87AD-DEEA-4041-B5BC-CDF208208619",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_144:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E724D3AC-394D-4413-8CCE-AC288221A491",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_144-federal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0CB514-5AA1-4051-8C0E-FF9B1279EC7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4AE1274-1D3E-4357-BA8D-073E37F56738",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_300-federal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7A47BFA-B68B-475B-AB3B-5E5C083BC907",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0777F3E0-7F95-49B4-B488-5550FF922E9E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07675BAE-5475-4F6C-9229-65BD92338F5B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A4DF46-52A7-4F47-B9EB-8F3A1D0261DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0D8BF0-5736-44F7-8B9C-6BDCF97FF5C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B4ED697-139A-4679-85D5-3992DEA8BB44",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29911530-47EC-4865-9965-72D101827F1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C83392A-1656-473F-9F08-C3CC89FDF3FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:commscope:ruckus_network_director:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA45EF06-28C7-41D8-BBAC-671095FB29A5",
"versionEndExcluding": "4.5.0.51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route."
},
{
"lang": "es",
"value": "La compilaci\u00f3n de actualizaci\u00f3n de RUCKUS SmartZone (SZ) anterior a la versi\u00f3n 6.1.2p3 permite la inyecci\u00f3n de comandos del sistema operativo a trav\u00e9s de un determinado par\u00e1metro en una ruta API."
}
],
"id": "CVE-2025-44960",
"lastModified": "2025-08-07T17:59:12.387",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-08-04T17:15:30.050",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2025-44960"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/613753"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+20250710/225f44ac3bd311f095821adcaa92e24e"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cve@mitre.org",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-21 15:15
Modified
2025-08-05 17:18
Severity ?
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticated diagnostics API endpoint `/admin/_cmdstat.jsp` passes attacker-controlled input to the shell without adequate validation, enabling a remote attacker to specify a target by MAC address and execute arbitrary commands as root.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://sector7.computest.nl/post/2025-07-ruckus-unleashed/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://support.ruckuswireless.com/security_bulletins/330 | Product |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8933A8DB-2169-4969-857D-65FCC5A2687E",
"versionEndExcluding": "200.15.6.212.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF7ACF7-77A1-497E-991F-F8015017FF6B",
"versionEndExcluding": "200.17.7.0.139",
"versionStartIncluding": "200.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruckuswireless:ruckus_zonedirector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31CEC229-C1CD-471D-93EC-BF4629393864",
"versionEndExcluding": "10.5.1.0.279",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84B1EC30-ACC3-4141-A149-F2C912AEDC2B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CB277A-B51A-4EF6-9B60-26E42DB466A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EDE59EC-811F-4A5E-A4DE-C3289D8A049A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37C8E333-5C44-44BB-842F-FCDA8D8D5831",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CABADA0-2CC3-4218-BE64-7014F21166CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DC533A1-7998-4363-9D94-E1472F22DE87",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75F9B4E2-6E5B-4C96-A46F-06450BB81E68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_m510-jp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "028EEF4A-5A5B-4662-A5AA-B027EF66DF2B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BA2F043-9743-4FC9-AF74-20FAC503C2F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D165B27E-AA69-446F-916F-AF26E30510CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BD23474-CBFE-4575-A2DA-431C0D74E2EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r350e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "208776B7-AC2A-445F-A26F-5C072EFEED0E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB605D38-A71B-44FF-909D-D34348491EA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54D2D26C-E53C-41E2-9EB7-653CBF5A49E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E547E2A0-86E7-438C-9602-A2ECB247A84C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3A5E2C5-E261-4FA6-AB5E-D651110C80CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44C800DC-82C3-4240-B2C0-18433FED4E3B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1677A804-8DE7-4191-8E84-9ADAE9E8269E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22845768-F360-46EC-BB48-2A68A4B6A2C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89E38958-2FEB-4945-81E0-522BD1136D26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D8F47E7-791A-44E8-A62C-B4D0F4AF80BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2A5668-2EDB-4E93-A4FA-88FCBCC057B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "473AC82B-6A00-4076-A043-E4854DA09C3E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "554AE543-CC27-4109-9F0C-E17BF2A4E22F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92E815A2-09BC-4FF8-B38C-8857E626ACA1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0777F3E0-7F95-49B4-B488-5550FF922E9E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A4DF46-52A7-4F47-B9EB-8F3A1D0261DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0D8BF0-5736-44F7-8B9C-6BDCF97FF5C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBCA0728-C62C-429B-ABA0-A8F853543A0F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDB7F8C-9DF1-47B4-8E82-95003744CC0B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B4ED697-139A-4679-85D5-3992DEA8BB44",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E5F3A97-6FC5-4592-8304-43070120AA3A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE01A53-D787-4240-BF0F-EDC8BF51D6D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E23CE29C-210E-44C0-B4CF-01F2889B671D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t710s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD7A8265-2895-42FF-BF64-76C73CF67112",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29911530-47EC-4865-9965-72D101827F1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C83392A-1656-473F-9F08-C3CC89FDF3FA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t811-cm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C49E0DC-A33C-43F3-9278-5341C1842FA6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t811-cm_\\(non-sfp\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "FFDE6F6D-DC10-4C72-BDEC-0B1CB7DCCEA9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:zonedirector_1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AB4E62C-2532-41A9-9F1E-737D3E4DD008",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticated diagnostics API endpoint `/admin/_cmdstat.jsp` passes attacker-controlled input to the shell without adequate validation, enabling a remote attacker to specify a target by MAC address and execute arbitrary commands as root."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en CommScope Ruckus Unleashed anterior a 200.15.6.212.14 y 200.17.7.0.139, donde el endpoint de la API de diagn\u00f3stico autenticado `/admin/_cmdstat.jsp` pasa la entrada controlada por el atacante al shell sin la validaci\u00f3n adecuada, lo que permite a un atacante remoto especificar un objetivo por direcci\u00f3n MAC y ejecutar comandos arbitrarios como root."
}
],
"id": "CVE-2025-46122",
"lastModified": "2025-08-05T17:18:47.920",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-07-21T15:15:28.390",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://support.ruckuswireless.com/security_bulletins/330"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-21 15:15
Modified
2025-08-05 17:17
Severity ?
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command `!v54!` via a management API call and then invoke it to escape the restricted shell and obtain a root shell on the controller.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://sector7.computest.nl/post/2025-07-ruckus-unleashed/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://support.ruckuswireless.com/security_bulletins/330 | Product |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8933A8DB-2169-4969-857D-65FCC5A2687E",
"versionEndExcluding": "200.15.6.212.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF7ACF7-77A1-497E-991F-F8015017FF6B",
"versionEndExcluding": "200.17.7.0.139",
"versionStartIncluding": "200.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruckuswireless:ruckus_zonedirector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31CEC229-C1CD-471D-93EC-BF4629393864",
"versionEndExcluding": "10.5.1.0.279",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84B1EC30-ACC3-4141-A149-F2C912AEDC2B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CB277A-B51A-4EF6-9B60-26E42DB466A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EDE59EC-811F-4A5E-A4DE-C3289D8A049A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37C8E333-5C44-44BB-842F-FCDA8D8D5831",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CABADA0-2CC3-4218-BE64-7014F21166CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DC533A1-7998-4363-9D94-E1472F22DE87",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75F9B4E2-6E5B-4C96-A46F-06450BB81E68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_m510-jp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "028EEF4A-5A5B-4662-A5AA-B027EF66DF2B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BA2F043-9743-4FC9-AF74-20FAC503C2F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D165B27E-AA69-446F-916F-AF26E30510CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BD23474-CBFE-4575-A2DA-431C0D74E2EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r350e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "208776B7-AC2A-445F-A26F-5C072EFEED0E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB605D38-A71B-44FF-909D-D34348491EA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54D2D26C-E53C-41E2-9EB7-653CBF5A49E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E547E2A0-86E7-438C-9602-A2ECB247A84C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3A5E2C5-E261-4FA6-AB5E-D651110C80CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44C800DC-82C3-4240-B2C0-18433FED4E3B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1677A804-8DE7-4191-8E84-9ADAE9E8269E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22845768-F360-46EC-BB48-2A68A4B6A2C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89E38958-2FEB-4945-81E0-522BD1136D26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D8F47E7-791A-44E8-A62C-B4D0F4AF80BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2A5668-2EDB-4E93-A4FA-88FCBCC057B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "473AC82B-6A00-4076-A043-E4854DA09C3E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "554AE543-CC27-4109-9F0C-E17BF2A4E22F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92E815A2-09BC-4FF8-B38C-8857E626ACA1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0777F3E0-7F95-49B4-B488-5550FF922E9E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A4DF46-52A7-4F47-B9EB-8F3A1D0261DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0D8BF0-5736-44F7-8B9C-6BDCF97FF5C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBCA0728-C62C-429B-ABA0-A8F853543A0F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDB7F8C-9DF1-47B4-8E82-95003744CC0B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B4ED697-139A-4679-85D5-3992DEA8BB44",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E5F3A97-6FC5-4592-8304-43070120AA3A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE01A53-D787-4240-BF0F-EDC8BF51D6D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E23CE29C-210E-44C0-B4CF-01F2889B671D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t710s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD7A8265-2895-42FF-BF64-76C73CF67112",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29911530-47EC-4865-9965-72D101827F1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C83392A-1656-473F-9F08-C3CC89FDF3FA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t811-cm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C49E0DC-A33C-43F3-9278-5341C1842FA6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t811-cm_\\(non-sfp\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "FFDE6F6D-DC10-4C72-BDEC-0B1CB7DCCEA9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:zonedirector_1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AB4E62C-2532-41A9-9F1E-737D3E4DD008",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command `!v54!` via a management API call and then invoke it to escape the restricted shell and obtain a root shell on the controller."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en CommScope Ruckus Unleashed anterior a 200.15.6.212.14 y 200.17.7.0.139, y en Ruckus ZoneDirector anterior a 10.5.1.0.279, donde un atacante autenticado puede deshabilitar el requisito de contrase\u00f1a para un comando CLI oculto `!v54!` a trav\u00e9s de una llamada a la API de administraci\u00f3n y luego invocarlo para escapar del shell restringido y obtener un shell root en el controlador."
}
],
"id": "CVE-2025-46116",
"lastModified": "2025-08-05T17:17:40.227",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-07-21T15:15:27.690",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://support.ruckuswireless.com/security_bulletins/330"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-250"
},
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-21 15:15
Modified
2025-08-05 17:18
Severity ?
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where an authenticated request to the management endpoint `/admin/_cmdstat.jsp` discloses the administrator password in a trivially reversible obfuscated form. The same obfuscation method persists in configuration prior to 200.18.7.1.302, allowing anyone who obtains the system configuration to recover the plaintext credentials.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://sector7.computest.nl/post/2025-07-ruckus-unleashed/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://support.ruckuswireless.com/security_bulletins/330 | Product |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8933A8DB-2169-4969-857D-65FCC5A2687E",
"versionEndExcluding": "200.15.6.212.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF7ACF7-77A1-497E-991F-F8015017FF6B",
"versionEndExcluding": "200.17.7.0.139",
"versionStartIncluding": "200.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruckuswireless:ruckus_zonedirector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31CEC229-C1CD-471D-93EC-BF4629393864",
"versionEndExcluding": "10.5.1.0.279",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84B1EC30-ACC3-4141-A149-F2C912AEDC2B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CB277A-B51A-4EF6-9B60-26E42DB466A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EDE59EC-811F-4A5E-A4DE-C3289D8A049A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37C8E333-5C44-44BB-842F-FCDA8D8D5831",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CABADA0-2CC3-4218-BE64-7014F21166CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DC533A1-7998-4363-9D94-E1472F22DE87",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75F9B4E2-6E5B-4C96-A46F-06450BB81E68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_m510-jp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "028EEF4A-5A5B-4662-A5AA-B027EF66DF2B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BA2F043-9743-4FC9-AF74-20FAC503C2F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D165B27E-AA69-446F-916F-AF26E30510CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BD23474-CBFE-4575-A2DA-431C0D74E2EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r350e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "208776B7-AC2A-445F-A26F-5C072EFEED0E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB605D38-A71B-44FF-909D-D34348491EA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54D2D26C-E53C-41E2-9EB7-653CBF5A49E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E547E2A0-86E7-438C-9602-A2ECB247A84C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3A5E2C5-E261-4FA6-AB5E-D651110C80CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44C800DC-82C3-4240-B2C0-18433FED4E3B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1677A804-8DE7-4191-8E84-9ADAE9E8269E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22845768-F360-46EC-BB48-2A68A4B6A2C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89E38958-2FEB-4945-81E0-522BD1136D26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D8F47E7-791A-44E8-A62C-B4D0F4AF80BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2A5668-2EDB-4E93-A4FA-88FCBCC057B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "473AC82B-6A00-4076-A043-E4854DA09C3E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "554AE543-CC27-4109-9F0C-E17BF2A4E22F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92E815A2-09BC-4FF8-B38C-8857E626ACA1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0777F3E0-7F95-49B4-B488-5550FF922E9E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A4DF46-52A7-4F47-B9EB-8F3A1D0261DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0D8BF0-5736-44F7-8B9C-6BDCF97FF5C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBCA0728-C62C-429B-ABA0-A8F853543A0F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDB7F8C-9DF1-47B4-8E82-95003744CC0B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B4ED697-139A-4679-85D5-3992DEA8BB44",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E5F3A97-6FC5-4592-8304-43070120AA3A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE01A53-D787-4240-BF0F-EDC8BF51D6D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E23CE29C-210E-44C0-B4CF-01F2889B671D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t710s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD7A8265-2895-42FF-BF64-76C73CF67112",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29911530-47EC-4865-9965-72D101827F1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C83392A-1656-473F-9F08-C3CC89FDF3FA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t811-cm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C49E0DC-A33C-43F3-9278-5341C1842FA6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t811-cm_\\(non-sfp\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "FFDE6F6D-DC10-4C72-BDEC-0B1CB7DCCEA9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:zonedirector_1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AB4E62C-2532-41A9-9F1E-737D3E4DD008",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where an authenticated request to the management endpoint `/admin/_cmdstat.jsp` discloses the administrator password in a trivially reversible obfuscated form. The same obfuscation method persists in configuration prior to 200.18.7.1.302, allowing anyone who obtains the system configuration to recover the plaintext credentials."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en CommScope Ruckus Unleashed anterior a la versi\u00f3n 200.15.6.12.304, donde una solicitud autenticada al endpoint de administraci\u00f3n `/admin/_cmdstat.jsp` revela la contrase\u00f1a del administrador en una forma ofuscada f\u00e1cilmente reversible. El mismo m\u00e9todo de ofuscaci\u00f3n persiste en la configuraci\u00f3n anterior a la versi\u00f3n 200.18.7.1.302, lo que permite que cualquiera que obtenga la configuraci\u00f3n del sistema recupere las credenciales de texto plano."
}
],
"id": "CVE-2025-46119",
"lastModified": "2025-08-05T17:18:27.460",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-07-21T15:15:28.047",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://support.ruckuswireless.com/security_bulletins/330"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-555"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-21 15:15
Modified
2025-08-05 17:18
Severity ?
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279, where hard-coded credentials for the ftpuser account provide FTP access to the controller, enabling a remote attacker to upload or retrieve arbitrary files from writable firmware directories and thereby expose sensitive information or compromise the controller.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://sector7.computest.nl/post/2025-07-ruckus-unleashed/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://support.ruckuswireless.com/security_bulletins/330 | Product |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8933A8DB-2169-4969-857D-65FCC5A2687E",
"versionEndExcluding": "200.15.6.212.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF7ACF7-77A1-497E-991F-F8015017FF6B",
"versionEndExcluding": "200.17.7.0.139",
"versionStartIncluding": "200.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruckuswireless:ruckus_zonedirector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31CEC229-C1CD-471D-93EC-BF4629393864",
"versionEndExcluding": "10.5.1.0.279",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84B1EC30-ACC3-4141-A149-F2C912AEDC2B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CB277A-B51A-4EF6-9B60-26E42DB466A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EDE59EC-811F-4A5E-A4DE-C3289D8A049A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37C8E333-5C44-44BB-842F-FCDA8D8D5831",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CABADA0-2CC3-4218-BE64-7014F21166CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DC533A1-7998-4363-9D94-E1472F22DE87",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75F9B4E2-6E5B-4C96-A46F-06450BB81E68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_m510-jp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "028EEF4A-5A5B-4662-A5AA-B027EF66DF2B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BA2F043-9743-4FC9-AF74-20FAC503C2F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D165B27E-AA69-446F-916F-AF26E30510CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BD23474-CBFE-4575-A2DA-431C0D74E2EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r350e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "208776B7-AC2A-445F-A26F-5C072EFEED0E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB605D38-A71B-44FF-909D-D34348491EA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54D2D26C-E53C-41E2-9EB7-653CBF5A49E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E547E2A0-86E7-438C-9602-A2ECB247A84C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3A5E2C5-E261-4FA6-AB5E-D651110C80CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44C800DC-82C3-4240-B2C0-18433FED4E3B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1677A804-8DE7-4191-8E84-9ADAE9E8269E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22845768-F360-46EC-BB48-2A68A4B6A2C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89E38958-2FEB-4945-81E0-522BD1136D26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D8F47E7-791A-44E8-A62C-B4D0F4AF80BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2A5668-2EDB-4E93-A4FA-88FCBCC057B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "473AC82B-6A00-4076-A043-E4854DA09C3E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "554AE543-CC27-4109-9F0C-E17BF2A4E22F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92E815A2-09BC-4FF8-B38C-8857E626ACA1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0777F3E0-7F95-49B4-B488-5550FF922E9E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A4DF46-52A7-4F47-B9EB-8F3A1D0261DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0D8BF0-5736-44F7-8B9C-6BDCF97FF5C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBCA0728-C62C-429B-ABA0-A8F853543A0F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDB7F8C-9DF1-47B4-8E82-95003744CC0B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B4ED697-139A-4679-85D5-3992DEA8BB44",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E5F3A97-6FC5-4592-8304-43070120AA3A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE01A53-D787-4240-BF0F-EDC8BF51D6D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E23CE29C-210E-44C0-B4CF-01F2889B671D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t710s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD7A8265-2895-42FF-BF64-76C73CF67112",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29911530-47EC-4865-9965-72D101827F1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C83392A-1656-473F-9F08-C3CC89FDF3FA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t811-cm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C49E0DC-A33C-43F3-9278-5341C1842FA6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t811-cm_\\(non-sfp\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "FFDE6F6D-DC10-4C72-BDEC-0B1CB7DCCEA9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:zonedirector_1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AB4E62C-2532-41A9-9F1E-737D3E4DD008",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279, where hard-coded credentials for the ftpuser account provide FTP access to the controller, enabling a remote attacker to upload or retrieve arbitrary files from writable firmware directories and thereby expose sensitive information or compromise the controller."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en CommScope Ruckus Unleashed anterior a 200.15.6.212.14 y 200.17.7.0.139 y en Ruckus ZoneDirector anterior a 10.5.1.0.279, donde las credenciales codificadas para la cuenta ftpuser proporcionan acceso FTP al controlador, lo que permite a un atacante remoto cargar o recuperar archivos arbitrarios de directorios de firmware escribibles y, de ese modo, exponer informaci\u00f3n confidencial o comprometer el controlador."
}
],
"id": "CVE-2025-46118",
"lastModified": "2025-08-05T17:18:10.250",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-07-21T15:15:27.940",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://support.ruckuswireless.com/security_bulletins/330"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-04 17:15
Modified
2025-08-07 17:59
Severity ?
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://claroty.com/team82/disclosure-dashboard/cve-2025-44957 | Third Party Advisory | |
| cve@mitre.org | https://kb.cert.org/vuls/id/613753 | Third Party Advisory, US Government Resource | |
| cve@mitre.org | https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+20250710/225f44ac3bd311f095821adcaa92e24e | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44F784A1-3FFC-4D0D-AA1C-79FC658C3427",
"versionEndExcluding": "6.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:6.1.2:-:*:*:*:*:*:*",
"matchCriteriaId": "03388446-4CF1-44E7-B065-C2757F1FB268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:6.1.2:p2:*:*:*:*:*:*",
"matchCriteriaId": "E24AB619-53C8-4D85-B7F4-3DD539CE4423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:6.1.2:p3:*:*:*:*:*:*",
"matchCriteriaId": "C27F9A43-95AD-447E-AA4F-1E76AEC465B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A03C572-D1A0-4C4A-A57B-6A7272A656CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "656A9814-B5F2-40C7-BC9E-E3F94873955E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:commscope:ruckus_virtual_smartzone:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4279B64A-E14F-4C35-833E-1BE754BA938A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:commscope:ruckus_virtual_smartzone-federal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5F3960-145C-4263-9758-7E8F23697728",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84B1EC30-ACC3-4141-A149-F2C912AEDC2B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CB277A-B51A-4EF6-9B60-26E42DB466A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EDE59EC-811F-4A5E-A4DE-C3289D8A049A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37C8E333-5C44-44BB-842F-FCDA8D8D5831",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CABADA0-2CC3-4218-BE64-7014F21166CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75F9B4E2-6E5B-4C96-A46F-06450BB81E68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D165B27E-AA69-446F-916F-AF26E30510CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB605D38-A71B-44FF-909D-D34348491EA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E547E2A0-86E7-438C-9602-A2ECB247A84C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3A5E2C5-E261-4FA6-AB5E-D651110C80CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22845768-F360-46EC-BB48-2A68A4B6A2C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89E38958-2FEB-4945-81E0-522BD1136D26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D8F47E7-791A-44E8-A62C-B4D0F4AF80BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2A5668-2EDB-4E93-A4FA-88FCBCC057B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47D9D0D-0FB1-4E47-9249-A82EC9581198",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_100-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C02B87AD-DEEA-4041-B5BC-CDF208208619",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_144:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E724D3AC-394D-4413-8CCE-AC288221A491",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_144-federal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0CB514-5AA1-4051-8C0E-FF9B1279EC7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4AE1274-1D3E-4357-BA8D-073E37F56738",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_300-federal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7A47BFA-B68B-475B-AB3B-5E5C083BC907",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0777F3E0-7F95-49B4-B488-5550FF922E9E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07675BAE-5475-4F6C-9229-65BD92338F5B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A4DF46-52A7-4F47-B9EB-8F3A1D0261DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0D8BF0-5736-44F7-8B9C-6BDCF97FF5C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B4ED697-139A-4679-85D5-3992DEA8BB44",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29911530-47EC-4865-9965-72D101827F1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C83392A-1656-473F-9F08-C3CC89FDF3FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:commscope:ruckus_network_director:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA45EF06-28C7-41D8-BBAC-671095FB29A5",
"versionEndExcluding": "4.5.0.51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers."
},
{
"lang": "es",
"value": "La compilaci\u00f3n de actualizaci\u00f3n de Ruckus SmartZone (SZ) anterior a la versi\u00f3n 6.1.2p3 permite omitir la autenticaci\u00f3n a trav\u00e9s de una clave API v\u00e1lida y encabezados HTTP manipulados."
}
],
"id": "CVE-2025-44957",
"lastModified": "2025-08-07T17:59:09.533",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-08-04T17:15:29.730",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2025-44957"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/613753"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+20250710/225f44ac3bd311f095821adcaa92e24e"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-288"
}
],
"source": "cve@mitre.org",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-04 17:15
Modified
2025-08-07 17:59
Severity ?
5.0 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://claroty.com/team82/disclosure-dashboard/cve-2025-44962 | Third Party Advisory | |
| cve@mitre.org | https://kb.cert.org/vuls/id/613753 | US Government Resource | |
| cve@mitre.org | https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+20250710/225f44ac3bd311f095821adcaa92e24e | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44F784A1-3FFC-4D0D-AA1C-79FC658C3427",
"versionEndExcluding": "6.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:6.1.2:-:*:*:*:*:*:*",
"matchCriteriaId": "03388446-4CF1-44E7-B065-C2757F1FB268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:6.1.2:p2:*:*:*:*:*:*",
"matchCriteriaId": "E24AB619-53C8-4D85-B7F4-3DD539CE4423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:6.1.2:p3:*:*:*:*:*:*",
"matchCriteriaId": "C27F9A43-95AD-447E-AA4F-1E76AEC465B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A03C572-D1A0-4C4A-A57B-6A7272A656CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "656A9814-B5F2-40C7-BC9E-E3F94873955E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:commscope:ruckus_virtual_smartzone:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4279B64A-E14F-4C35-833E-1BE754BA938A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:commscope:ruckus_virtual_smartzone-federal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5F3960-145C-4263-9758-7E8F23697728",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84B1EC30-ACC3-4141-A149-F2C912AEDC2B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CB277A-B51A-4EF6-9B60-26E42DB466A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EDE59EC-811F-4A5E-A4DE-C3289D8A049A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37C8E333-5C44-44BB-842F-FCDA8D8D5831",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CABADA0-2CC3-4218-BE64-7014F21166CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75F9B4E2-6E5B-4C96-A46F-06450BB81E68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D165B27E-AA69-446F-916F-AF26E30510CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB605D38-A71B-44FF-909D-D34348491EA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E547E2A0-86E7-438C-9602-A2ECB247A84C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3A5E2C5-E261-4FA6-AB5E-D651110C80CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22845768-F360-46EC-BB48-2A68A4B6A2C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89E38958-2FEB-4945-81E0-522BD1136D26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D8F47E7-791A-44E8-A62C-B4D0F4AF80BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2A5668-2EDB-4E93-A4FA-88FCBCC057B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47D9D0D-0FB1-4E47-9249-A82EC9581198",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_100-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C02B87AD-DEEA-4041-B5BC-CDF208208619",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_144:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E724D3AC-394D-4413-8CCE-AC288221A491",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_144-federal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0CB514-5AA1-4051-8C0E-FF9B1279EC7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4AE1274-1D3E-4357-BA8D-073E37F56738",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_300-federal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7A47BFA-B68B-475B-AB3B-5E5C083BC907",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0777F3E0-7F95-49B4-B488-5550FF922E9E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07675BAE-5475-4F6C-9229-65BD92338F5B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A4DF46-52A7-4F47-B9EB-8F3A1D0261DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0D8BF0-5736-44F7-8B9C-6BDCF97FF5C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B4ED697-139A-4679-85D5-3992DEA8BB44",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29911530-47EC-4865-9965-72D101827F1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C83392A-1656-473F-9F08-C3CC89FDF3FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:commscope:ruckus_network_director:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA45EF06-28C7-41D8-BBAC-671095FB29A5",
"versionEndExcluding": "4.5.0.51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files."
},
{
"lang": "es",
"value": "La compilaci\u00f3n de actualizaci\u00f3n de RUCKUS SmartZone (SZ) anterior a la versi\u00f3n 6.1.2p3 permite directory traversal ../ para leer archivos."
}
],
"id": "CVE-2025-44962",
"lastModified": "2025-08-07T17:59:20.320",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 1.4,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-08-04T17:15:30.367",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2025-44962"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/613753"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+20250710/225f44ac3bd311f095821adcaa92e24e"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-24"
}
],
"source": "cve@mitre.org",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-04 17:15
Modified
2025-08-07 17:59
Severity ?
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://claroty.com/team82/disclosure-dashboard/cve-2025-44961 | Third Party Advisory | |
| cve@mitre.org | https://kb.cert.org/vuls/id/613753 | Third Party Advisory, US Government Resource | |
| cve@mitre.org | https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+20250710/225f44ac3bd311f095821adcaa92e24e | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44F784A1-3FFC-4D0D-AA1C-79FC658C3427",
"versionEndExcluding": "6.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:6.1.2:-:*:*:*:*:*:*",
"matchCriteriaId": "03388446-4CF1-44E7-B065-C2757F1FB268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:6.1.2:p2:*:*:*:*:*:*",
"matchCriteriaId": "E24AB619-53C8-4D85-B7F4-3DD539CE4423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:6.1.2:p3:*:*:*:*:*:*",
"matchCriteriaId": "C27F9A43-95AD-447E-AA4F-1E76AEC465B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A03C572-D1A0-4C4A-A57B-6A7272A656CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "656A9814-B5F2-40C7-BC9E-E3F94873955E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:commscope:ruckus_virtual_smartzone:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4279B64A-E14F-4C35-833E-1BE754BA938A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:commscope:ruckus_virtual_smartzone-federal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5F3960-145C-4263-9758-7E8F23697728",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84B1EC30-ACC3-4141-A149-F2C912AEDC2B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CB277A-B51A-4EF6-9B60-26E42DB466A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EDE59EC-811F-4A5E-A4DE-C3289D8A049A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37C8E333-5C44-44BB-842F-FCDA8D8D5831",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CABADA0-2CC3-4218-BE64-7014F21166CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75F9B4E2-6E5B-4C96-A46F-06450BB81E68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D165B27E-AA69-446F-916F-AF26E30510CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB605D38-A71B-44FF-909D-D34348491EA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E547E2A0-86E7-438C-9602-A2ECB247A84C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3A5E2C5-E261-4FA6-AB5E-D651110C80CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22845768-F360-46EC-BB48-2A68A4B6A2C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89E38958-2FEB-4945-81E0-522BD1136D26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D8F47E7-791A-44E8-A62C-B4D0F4AF80BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2A5668-2EDB-4E93-A4FA-88FCBCC057B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47D9D0D-0FB1-4E47-9249-A82EC9581198",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_100-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C02B87AD-DEEA-4041-B5BC-CDF208208619",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_144:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E724D3AC-394D-4413-8CCE-AC288221A491",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_144-federal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0CB514-5AA1-4051-8C0E-FF9B1279EC7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4AE1274-1D3E-4357-BA8D-073E37F56738",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_300-federal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7A47BFA-B68B-475B-AB3B-5E5C083BC907",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0777F3E0-7F95-49B4-B488-5550FF922E9E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07675BAE-5475-4F6C-9229-65BD92338F5B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A4DF46-52A7-4F47-B9EB-8F3A1D0261DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0D8BF0-5736-44F7-8B9C-6BDCF97FF5C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B4ED697-139A-4679-85D5-3992DEA8BB44",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29911530-47EC-4865-9965-72D101827F1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C83392A-1656-473F-9F08-C3CC89FDF3FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:commscope:ruckus_network_director:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA45EF06-28C7-41D8-BBAC-671095FB29A5",
"versionEndExcluding": "4.5.0.51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user."
},
{
"lang": "es",
"value": "En RUCKUS SmartZone (SZ) anterior a la versi\u00f3n de actualizaci\u00f3n 6.1.2p3, la inyecci\u00f3n de comandos del sistema operativo puede ocurrir a trav\u00e9s de un campo de direcci\u00f3n IP proporcionado por un usuario autenticado."
}
],
"id": "CVE-2025-44961",
"lastModified": "2025-08-07T17:59:15.927",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-08-04T17:15:30.210",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2025-44961"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/613753"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+20250710/225f44ac3bd311f095821adcaa92e24e"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cve@mitre.org",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-21 15:15
Modified
2025-08-05 17:18
Severity ?
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a remote unauthenticated attacker who can upload a template (e.g., via FTP) to escalate privileges and run arbitrary template code on the controller.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://sector7.computest.nl/post/2025-07-ruckus-unleashed/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://support.ruckuswireless.com/security_bulletins/330 | Product |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8933A8DB-2169-4969-857D-65FCC5A2687E",
"versionEndExcluding": "200.15.6.212.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF7ACF7-77A1-497E-991F-F8015017FF6B",
"versionEndExcluding": "200.17.7.0.139",
"versionStartIncluding": "200.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruckuswireless:ruckus_zonedirector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31CEC229-C1CD-471D-93EC-BF4629393864",
"versionEndExcluding": "10.5.1.0.279",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84B1EC30-ACC3-4141-A149-F2C912AEDC2B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CB277A-B51A-4EF6-9B60-26E42DB466A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EDE59EC-811F-4A5E-A4DE-C3289D8A049A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37C8E333-5C44-44BB-842F-FCDA8D8D5831",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CABADA0-2CC3-4218-BE64-7014F21166CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DC533A1-7998-4363-9D94-E1472F22DE87",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75F9B4E2-6E5B-4C96-A46F-06450BB81E68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_m510-jp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "028EEF4A-5A5B-4662-A5AA-B027EF66DF2B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BA2F043-9743-4FC9-AF74-20FAC503C2F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D165B27E-AA69-446F-916F-AF26E30510CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BD23474-CBFE-4575-A2DA-431C0D74E2EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r350e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "208776B7-AC2A-445F-A26F-5C072EFEED0E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB605D38-A71B-44FF-909D-D34348491EA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54D2D26C-E53C-41E2-9EB7-653CBF5A49E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E547E2A0-86E7-438C-9602-A2ECB247A84C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3A5E2C5-E261-4FA6-AB5E-D651110C80CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44C800DC-82C3-4240-B2C0-18433FED4E3B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1677A804-8DE7-4191-8E84-9ADAE9E8269E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22845768-F360-46EC-BB48-2A68A4B6A2C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89E38958-2FEB-4945-81E0-522BD1136D26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D8F47E7-791A-44E8-A62C-B4D0F4AF80BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2A5668-2EDB-4E93-A4FA-88FCBCC057B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "473AC82B-6A00-4076-A043-E4854DA09C3E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "554AE543-CC27-4109-9F0C-E17BF2A4E22F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92E815A2-09BC-4FF8-B38C-8857E626ACA1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0777F3E0-7F95-49B4-B488-5550FF922E9E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A4DF46-52A7-4F47-B9EB-8F3A1D0261DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0D8BF0-5736-44F7-8B9C-6BDCF97FF5C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBCA0728-C62C-429B-ABA0-A8F853543A0F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDB7F8C-9DF1-47B4-8E82-95003744CC0B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B4ED697-139A-4679-85D5-3992DEA8BB44",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E5F3A97-6FC5-4592-8304-43070120AA3A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE01A53-D787-4240-BF0F-EDC8BF51D6D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E23CE29C-210E-44C0-B4CF-01F2889B671D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t710s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD7A8265-2895-42FF-BF64-76C73CF67112",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29911530-47EC-4865-9965-72D101827F1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C83392A-1656-473F-9F08-C3CC89FDF3FA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t811-cm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C49E0DC-A33C-43F3-9278-5341C1842FA6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t811-cm_\\(non-sfp\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "FFDE6F6D-DC10-4C72-BDEC-0B1CB7DCCEA9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:zonedirector_1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AB4E62C-2532-41A9-9F1E-737D3E4DD008",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a remote unauthenticated attacker who can upload a template (e.g., via FTP) to escalate privileges and run arbitrary template code on the controller."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en CommScope Ruckus Unleashed anterior a 200.14.6.1.203 y en Ruckus ZoneDirector, donde una falla de Path-Traversal en la interfaz web permite que el servidor ejecute plantillas EJS proporcionadas por el atacante fuera de los directorios permitidos, lo que permite que un atacante remoto no autenticado que puede cargar una plantilla (por ejemplo, a trav\u00e9s de FTP) escale privilegios y ejecute c\u00f3digo de plantilla arbitrario en el controlador."
}
],
"id": "CVE-2025-46120",
"lastModified": "2025-08-05T17:18:32.627",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-07-21T15:15:28.157",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://support.ruckuswireless.com/security_bulletins/330"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-21 15:15
Modified
2025-08-05 17:18
Severity ?
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the functions `stamgr_cfg_adpt_addStaFavourite` and `stamgr_cfg_adpt_addStaIot` pass a client hostname directly to snprintf as the format string. A remote attacker can exploit this flaw either by sending a crafted request to the authenticated endpoint `/admin/_conf.jsp`, or without authentication and without direct network access to the controller by spoofing the MAC address of a favourite station and embedding malicious format specifiers in the DHCP hostname field, resulting in unauthenticated format-string processing and arbitrary code execution on the controller.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://sector7.computest.nl/post/2025-07-ruckus-unleashed/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://support.ruckuswireless.com/security_bulletins/330 | Product |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8933A8DB-2169-4969-857D-65FCC5A2687E",
"versionEndExcluding": "200.15.6.212.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF7ACF7-77A1-497E-991F-F8015017FF6B",
"versionEndExcluding": "200.17.7.0.139",
"versionStartIncluding": "200.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruckuswireless:ruckus_zonedirector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31CEC229-C1CD-471D-93EC-BF4629393864",
"versionEndExcluding": "10.5.1.0.279",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84B1EC30-ACC3-4141-A149-F2C912AEDC2B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CB277A-B51A-4EF6-9B60-26E42DB466A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EDE59EC-811F-4A5E-A4DE-C3289D8A049A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37C8E333-5C44-44BB-842F-FCDA8D8D5831",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CABADA0-2CC3-4218-BE64-7014F21166CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DC533A1-7998-4363-9D94-E1472F22DE87",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75F9B4E2-6E5B-4C96-A46F-06450BB81E68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_m510-jp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "028EEF4A-5A5B-4662-A5AA-B027EF66DF2B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BA2F043-9743-4FC9-AF74-20FAC503C2F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D165B27E-AA69-446F-916F-AF26E30510CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BD23474-CBFE-4575-A2DA-431C0D74E2EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r350e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "208776B7-AC2A-445F-A26F-5C072EFEED0E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB605D38-A71B-44FF-909D-D34348491EA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54D2D26C-E53C-41E2-9EB7-653CBF5A49E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E547E2A0-86E7-438C-9602-A2ECB247A84C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3A5E2C5-E261-4FA6-AB5E-D651110C80CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44C800DC-82C3-4240-B2C0-18433FED4E3B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1677A804-8DE7-4191-8E84-9ADAE9E8269E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22845768-F360-46EC-BB48-2A68A4B6A2C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89E38958-2FEB-4945-81E0-522BD1136D26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D8F47E7-791A-44E8-A62C-B4D0F4AF80BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2A5668-2EDB-4E93-A4FA-88FCBCC057B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "473AC82B-6A00-4076-A043-E4854DA09C3E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "554AE543-CC27-4109-9F0C-E17BF2A4E22F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92E815A2-09BC-4FF8-B38C-8857E626ACA1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0777F3E0-7F95-49B4-B488-5550FF922E9E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A4DF46-52A7-4F47-B9EB-8F3A1D0261DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0D8BF0-5736-44F7-8B9C-6BDCF97FF5C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBCA0728-C62C-429B-ABA0-A8F853543A0F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDB7F8C-9DF1-47B4-8E82-95003744CC0B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B4ED697-139A-4679-85D5-3992DEA8BB44",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E5F3A97-6FC5-4592-8304-43070120AA3A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE01A53-D787-4240-BF0F-EDC8BF51D6D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E23CE29C-210E-44C0-B4CF-01F2889B671D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t710s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD7A8265-2895-42FF-BF64-76C73CF67112",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29911530-47EC-4865-9965-72D101827F1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C83392A-1656-473F-9F08-C3CC89FDF3FA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t811-cm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C49E0DC-A33C-43F3-9278-5341C1842FA6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t811-cm_\\(non-sfp\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "FFDE6F6D-DC10-4C72-BDEC-0B1CB7DCCEA9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:zonedirector_1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AB4E62C-2532-41A9-9F1E-737D3E4DD008",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the functions `stamgr_cfg_adpt_addStaFavourite` and `stamgr_cfg_adpt_addStaIot` pass a client hostname directly to snprintf as the format string. A remote attacker can exploit this flaw either by sending a crafted request to the authenticated endpoint `/admin/_conf.jsp`, or without authentication and without direct network access to the controller by spoofing the MAC address of a favourite station and embedding malicious format specifiers in the DHCP hostname field, resulting in unauthenticated format-string processing and arbitrary code execution on the controller."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en CommScope Ruckus Unleashed anterior a 200.15.6.212.14 y 200.17.7.0.139, donde las funciones `stamgr_cfg_adpt_addStaFavourite` y `stamgr_cfg_adpt_addStaIot` pasan el nombre de host de un cliente directamente a snprintf como cadena de formato. Un atacante remoto puede explotar esta vulnerabilidad enviando una solicitud manipulada al endpoint autenticado `/admin/_conf.jsp`, o sin autenticaci\u00f3n y sin acceso directo al controlador de red, falsificando la direcci\u00f3n MAC de una estaci\u00f3n favorita e incrustando especificadores de formato maliciosos en el campo de nombre de host DHCP, lo que resulta en el procesamiento no autenticado de la cadena de formato y la ejecuci\u00f3n de c\u00f3digo arbitrario en el controlador."
}
],
"id": "CVE-2025-46121",
"lastModified": "2025-08-05T17:18:43.993",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-07-21T15:15:28.270",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://support.ruckuswireless.com/security_bulletins/330"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-04 17:15
Modified
2025-08-07 17:55
Severity ?
9.0 (Critical) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://claroty.com/team82/disclosure-dashboard/cve-2025-44954 | Third Party Advisory | |
| cve@mitre.org | https://kb.cert.org/vuls/id/613753 | Third Party Advisory, US Government Resource | |
| cve@mitre.org | https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+20250710/225f44ac3bd311f095821adcaa92e24e | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44F784A1-3FFC-4D0D-AA1C-79FC658C3427",
"versionEndExcluding": "6.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:6.1.2:-:*:*:*:*:*:*",
"matchCriteriaId": "03388446-4CF1-44E7-B065-C2757F1FB268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:6.1.2:p2:*:*:*:*:*:*",
"matchCriteriaId": "E24AB619-53C8-4D85-B7F4-3DD539CE4423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:6.1.2:p3:*:*:*:*:*:*",
"matchCriteriaId": "C27F9A43-95AD-447E-AA4F-1E76AEC465B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A03C572-D1A0-4C4A-A57B-6A7272A656CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "656A9814-B5F2-40C7-BC9E-E3F94873955E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:commscope:ruckus_virtual_smartzone:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4279B64A-E14F-4C35-833E-1BE754BA938A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:commscope:ruckus_virtual_smartzone-federal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5F3960-145C-4263-9758-7E8F23697728",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84B1EC30-ACC3-4141-A149-F2C912AEDC2B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CB277A-B51A-4EF6-9B60-26E42DB466A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EDE59EC-811F-4A5E-A4DE-C3289D8A049A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37C8E333-5C44-44BB-842F-FCDA8D8D5831",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CABADA0-2CC3-4218-BE64-7014F21166CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75F9B4E2-6E5B-4C96-A46F-06450BB81E68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D165B27E-AA69-446F-916F-AF26E30510CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB605D38-A71B-44FF-909D-D34348491EA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E547E2A0-86E7-438C-9602-A2ECB247A84C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3A5E2C5-E261-4FA6-AB5E-D651110C80CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22845768-F360-46EC-BB48-2A68A4B6A2C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89E38958-2FEB-4945-81E0-522BD1136D26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D8F47E7-791A-44E8-A62C-B4D0F4AF80BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2A5668-2EDB-4E93-A4FA-88FCBCC057B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47D9D0D-0FB1-4E47-9249-A82EC9581198",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_100-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C02B87AD-DEEA-4041-B5BC-CDF208208619",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_144:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E724D3AC-394D-4413-8CCE-AC288221A491",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_144-federal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0CB514-5AA1-4051-8C0E-FF9B1279EC7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4AE1274-1D3E-4357-BA8D-073E37F56738",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_300-federal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7A47BFA-B68B-475B-AB3B-5E5C083BC907",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0777F3E0-7F95-49B4-B488-5550FF922E9E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07675BAE-5475-4F6C-9229-65BD92338F5B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A4DF46-52A7-4F47-B9EB-8F3A1D0261DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0D8BF0-5736-44F7-8B9C-6BDCF97FF5C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B4ED697-139A-4679-85D5-3992DEA8BB44",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29911530-47EC-4865-9965-72D101827F1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C83392A-1656-473F-9F08-C3CC89FDF3FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account."
},
{
"lang": "es",
"value": "RUCKUS SmartZone (SZ) anterior a la versi\u00f3n de actualizaci\u00f3n 6.1.2p3 tiene una clave privada SSH codificada para una cuenta de usuario equivalente a root."
}
],
"id": "CVE-2025-44954",
"lastModified": "2025-08-07T17:55:17.870",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-08-04T17:15:29.507",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2025-44954"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/613753"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+20250710/225f44ac3bd311f095821adcaa92e24e"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1394"
}
],
"source": "cve@mitre.org",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-21 15:15
Modified
2025-08-05 17:18
Severity ?
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where the authenticated configuration endpoint `/admin/_conf.jsp` writes the Wi-Fi guest password to memory with snprintf using the attacker-supplied value as the format string; a crafted password therefore triggers uncontrolled format-string processing and enables remote code execution on the controller.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://sector7.computest.nl/post/2025-07-ruckus-unleashed/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://support.ruckuswireless.com/security_bulletins/330 | Product |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8933A8DB-2169-4969-857D-65FCC5A2687E",
"versionEndExcluding": "200.15.6.212.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF7ACF7-77A1-497E-991F-F8015017FF6B",
"versionEndExcluding": "200.17.7.0.139",
"versionStartIncluding": "200.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruckuswireless:ruckus_zonedirector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31CEC229-C1CD-471D-93EC-BF4629393864",
"versionEndExcluding": "10.5.1.0.279",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84B1EC30-ACC3-4141-A149-F2C912AEDC2B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CB277A-B51A-4EF6-9B60-26E42DB466A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EDE59EC-811F-4A5E-A4DE-C3289D8A049A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37C8E333-5C44-44BB-842F-FCDA8D8D5831",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CABADA0-2CC3-4218-BE64-7014F21166CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DC533A1-7998-4363-9D94-E1472F22DE87",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75F9B4E2-6E5B-4C96-A46F-06450BB81E68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_m510-jp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "028EEF4A-5A5B-4662-A5AA-B027EF66DF2B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BA2F043-9743-4FC9-AF74-20FAC503C2F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D165B27E-AA69-446F-916F-AF26E30510CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BD23474-CBFE-4575-A2DA-431C0D74E2EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r350e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "208776B7-AC2A-445F-A26F-5C072EFEED0E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB605D38-A71B-44FF-909D-D34348491EA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54D2D26C-E53C-41E2-9EB7-653CBF5A49E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E547E2A0-86E7-438C-9602-A2ECB247A84C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3A5E2C5-E261-4FA6-AB5E-D651110C80CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44C800DC-82C3-4240-B2C0-18433FED4E3B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1677A804-8DE7-4191-8E84-9ADAE9E8269E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22845768-F360-46EC-BB48-2A68A4B6A2C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89E38958-2FEB-4945-81E0-522BD1136D26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D8F47E7-791A-44E8-A62C-B4D0F4AF80BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2A5668-2EDB-4E93-A4FA-88FCBCC057B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "473AC82B-6A00-4076-A043-E4854DA09C3E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "554AE543-CC27-4109-9F0C-E17BF2A4E22F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92E815A2-09BC-4FF8-B38C-8857E626ACA1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0777F3E0-7F95-49B4-B488-5550FF922E9E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A4DF46-52A7-4F47-B9EB-8F3A1D0261DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0D8BF0-5736-44F7-8B9C-6BDCF97FF5C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBCA0728-C62C-429B-ABA0-A8F853543A0F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDB7F8C-9DF1-47B4-8E82-95003744CC0B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B4ED697-139A-4679-85D5-3992DEA8BB44",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E5F3A97-6FC5-4592-8304-43070120AA3A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE01A53-D787-4240-BF0F-EDC8BF51D6D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E23CE29C-210E-44C0-B4CF-01F2889B671D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t710s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD7A8265-2895-42FF-BF64-76C73CF67112",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29911530-47EC-4865-9965-72D101827F1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C83392A-1656-473F-9F08-C3CC89FDF3FA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t811-cm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C49E0DC-A33C-43F3-9278-5341C1842FA6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t811-cm_\\(non-sfp\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "FFDE6F6D-DC10-4C72-BDEC-0B1CB7DCCEA9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:zonedirector_1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AB4E62C-2532-41A9-9F1E-737D3E4DD008",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where the authenticated configuration endpoint `/admin/_conf.jsp` writes the Wi-Fi guest password to memory with snprintf using the attacker-supplied value as the format string; a crafted password therefore triggers uncontrolled format-string processing and enables remote code execution on the controller."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en CommScope Ruckus Unleashed anterior a 200.15.6.212.14 y 200.17.7.0.139, y en Ruckus ZoneDirector anterior a 10.5.1.0.279, donde el endpoint de configuraci\u00f3n autenticado `/admin/_conf.jsp` escribe la contrase\u00f1a de invitado de Wi-Fi en la memoria con snprintf usando el valor proporcionado por el atacante como cadena de formato; por lo tanto, una contrase\u00f1a manipulada desencadena un procesamiento descontrolado de la cadena de formato y permite la ejecuci\u00f3n remota de c\u00f3digo en el controlador."
}
],
"id": "CVE-2025-46123",
"lastModified": "2025-08-05T17:18:56.067",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-07-21T15:15:28.500",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://support.ruckuswireless.com/security_bulletins/330"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-21 15:15
Modified
2025-08-05 17:17
Severity ?
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where a hidden debug script `.ap_debug.sh` invoked from the restricted CLI does not properly sanitize its input, allowing an authenticated attacker to execute arbitrary commands as root on the controller or specified target.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://sector7.computest.nl/post/2025-07-ruckus-unleashed/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://support.ruckuswireless.com/security_bulletins/330 | Product |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8933A8DB-2169-4969-857D-65FCC5A2687E",
"versionEndExcluding": "200.15.6.212.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF7ACF7-77A1-497E-991F-F8015017FF6B",
"versionEndExcluding": "200.17.7.0.139",
"versionStartIncluding": "200.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruckuswireless:ruckus_zonedirector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31CEC229-C1CD-471D-93EC-BF4629393864",
"versionEndExcluding": "10.5.1.0.279",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84B1EC30-ACC3-4141-A149-F2C912AEDC2B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CB277A-B51A-4EF6-9B60-26E42DB466A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EDE59EC-811F-4A5E-A4DE-C3289D8A049A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37C8E333-5C44-44BB-842F-FCDA8D8D5831",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CABADA0-2CC3-4218-BE64-7014F21166CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DC533A1-7998-4363-9D94-E1472F22DE87",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75F9B4E2-6E5B-4C96-A46F-06450BB81E68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_m510-jp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "028EEF4A-5A5B-4662-A5AA-B027EF66DF2B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BA2F043-9743-4FC9-AF74-20FAC503C2F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D165B27E-AA69-446F-916F-AF26E30510CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BD23474-CBFE-4575-A2DA-431C0D74E2EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r350e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "208776B7-AC2A-445F-A26F-5C072EFEED0E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB605D38-A71B-44FF-909D-D34348491EA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54D2D26C-E53C-41E2-9EB7-653CBF5A49E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E547E2A0-86E7-438C-9602-A2ECB247A84C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3A5E2C5-E261-4FA6-AB5E-D651110C80CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44C800DC-82C3-4240-B2C0-18433FED4E3B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1677A804-8DE7-4191-8E84-9ADAE9E8269E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22845768-F360-46EC-BB48-2A68A4B6A2C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89E38958-2FEB-4945-81E0-522BD1136D26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D8F47E7-791A-44E8-A62C-B4D0F4AF80BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2A5668-2EDB-4E93-A4FA-88FCBCC057B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "473AC82B-6A00-4076-A043-E4854DA09C3E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "554AE543-CC27-4109-9F0C-E17BF2A4E22F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92E815A2-09BC-4FF8-B38C-8857E626ACA1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0777F3E0-7F95-49B4-B488-5550FF922E9E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A4DF46-52A7-4F47-B9EB-8F3A1D0261DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0D8BF0-5736-44F7-8B9C-6BDCF97FF5C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBCA0728-C62C-429B-ABA0-A8F853543A0F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDB7F8C-9DF1-47B4-8E82-95003744CC0B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B4ED697-139A-4679-85D5-3992DEA8BB44",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E5F3A97-6FC5-4592-8304-43070120AA3A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE01A53-D787-4240-BF0F-EDC8BF51D6D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E23CE29C-210E-44C0-B4CF-01F2889B671D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t710s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD7A8265-2895-42FF-BF64-76C73CF67112",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29911530-47EC-4865-9965-72D101827F1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C83392A-1656-473F-9F08-C3CC89FDF3FA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t811-cm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C49E0DC-A33C-43F3-9278-5341C1842FA6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t811-cm_\\(non-sfp\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "FFDE6F6D-DC10-4C72-BDEC-0B1CB7DCCEA9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:zonedirector_1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AB4E62C-2532-41A9-9F1E-737D3E4DD008",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where a hidden debug script `.ap_debug.sh` invoked from the restricted CLI does not properly sanitize its input, allowing an authenticated attacker to execute arbitrary commands as root on the controller or specified target."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en CommScope Ruckus Unleashed anterior a 200.15.6.212.14 y 200.17.7.0.139, y en Ruckus ZoneDirector anterior a 10.5.1.0.279, donde un script de depuraci\u00f3n oculto `.ap_debug.sh` invocado desde la CLI no depura correctamente su entrada, lo que permite que un atacante autenticado ejecute comandos arbitrarios como root en el controlador o el objetivo especificado."
}
],
"id": "CVE-2025-46117",
"lastModified": "2025-08-05T17:17:58.943",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-07-21T15:15:27.823",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://support.ruckuswireless.com/security_bulletins/330"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CVE-2025-44961 (GCVE-0-2025-44961)
Vulnerability from cvelistv5
Published
2025-08-04 00:00
Modified
2025-08-05 14:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-44961",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T14:42:39.227752Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T14:43:23.513Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SmartZone",
"vendor": "RUCKUS",
"versions": [
{
"lessThan": "6.1.2p3 Refresh Build",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T16:38:01.189Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/613753"
},
{
"url": "https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+20250710/225f44ac3bd311f095821adcaa92e24e"
},
{
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2025-44961"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-44961",
"datePublished": "2025-08-04T00:00:00.000Z",
"dateReserved": "2025-04-22T00:00:00.000Z",
"dateUpdated": "2025-08-05T14:43:23.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-44960 (GCVE-0-2025-44960)
Vulnerability from cvelistv5
Published
2025-08-04 00:00
Modified
2025-08-05 17:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-44960",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T17:41:52.455557Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T17:41:58.260Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SmartZone",
"vendor": "RUCKUS",
"versions": [
{
"lessThan": "6.1.2p3 Refresh Build",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T16:41:52.359Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/613753"
},
{
"url": "https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+20250710/225f44ac3bd311f095821adcaa92e24e"
},
{
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2025-44960"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-44960",
"datePublished": "2025-08-04T00:00:00.000Z",
"dateReserved": "2025-04-22T00:00:00.000Z",
"dateUpdated": "2025-08-05T17:41:58.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46116 (GCVE-0-2025-46116)
Vulnerability from cvelistv5
Published
2025-07-21 00:00
Modified
2025-07-22 16:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command `!v54!` via a management API call and then invoke it to escape the restricted shell and obtain a root shell on the controller.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-46116",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-21T18:13:04.116393Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T18:15:55.668Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command `!v54!` via a management API call and then invoke it to escape the restricted shell and obtain a root shell on the controller."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T16:53:31.177Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://support.ruckuswireless.com/security_bulletins/330"
},
{
"url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-46116",
"datePublished": "2025-07-21T00:00:00.000Z",
"dateReserved": "2025-04-22T00:00:00.000Z",
"dateUpdated": "2025-07-22T16:53:31.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46121 (GCVE-0-2025-46121)
Vulnerability from cvelistv5
Published
2025-07-21 00:00
Modified
2025-07-28 19:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the functions `stamgr_cfg_adpt_addStaFavourite` and `stamgr_cfg_adpt_addStaIot` pass a client hostname directly to snprintf as the format string. A remote attacker can exploit this flaw either by sending a crafted request to the authenticated endpoint `/admin/_conf.jsp`, or without authentication and without direct network access to the controller by spoofing the MAC address of a favourite station and embedding malicious format specifiers in the DHCP hostname field, resulting in unauthenticated format-string processing and arbitrary code execution on the controller.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-46121",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T19:42:03.326491Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134 Use of Externally-Controlled Format String",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T19:42:06.394Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the functions `stamgr_cfg_adpt_addStaFavourite` and `stamgr_cfg_adpt_addStaIot` pass a client hostname directly to snprintf as the format string. A remote attacker can exploit this flaw either by sending a crafted request to the authenticated endpoint `/admin/_conf.jsp`, or without authentication and without direct network access to the controller by spoofing the MAC address of a favourite station and embedding malicious format specifiers in the DHCP hostname field, resulting in unauthenticated format-string processing and arbitrary code execution on the controller."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T16:57:53.429Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://support.ruckuswireless.com/security_bulletins/330"
},
{
"url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-46121",
"datePublished": "2025-07-21T00:00:00.000Z",
"dateReserved": "2025-04-22T00:00:00.000Z",
"dateUpdated": "2025-07-28T19:42:06.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46117 (GCVE-0-2025-46117)
Vulnerability from cvelistv5
Published
2025-07-21 00:00
Modified
2025-07-23 17:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where a hidden debug script `.ap_debug.sh` invoked from the restricted CLI does not properly sanitize its input, allowing an authenticated attacker to execute arbitrary commands as root on the controller or specified target.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-46117",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-21T19:48:58.503501Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T17:21:00.524Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where a hidden debug script `.ap_debug.sh` invoked from the restricted CLI does not properly sanitize its input, allowing an authenticated attacker to execute arbitrary commands as root on the controller or specified target."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T16:54:53.429Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://support.ruckuswireless.com/security_bulletins/330"
},
{
"url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-46117",
"datePublished": "2025-07-21T00:00:00.000Z",
"dateReserved": "2025-04-22T00:00:00.000Z",
"dateUpdated": "2025-07-23T17:21:00.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46123 (GCVE-0-2025-46123)
Vulnerability from cvelistv5
Published
2025-07-21 00:00
Modified
2025-07-24 20:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where the authenticated configuration endpoint `/admin/_conf.jsp` writes the Wi-Fi guest password to memory with snprintf using the attacker-supplied value as the format string; a crafted password therefore triggers uncontrolled format-string processing and enables remote code execution on the controller.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-46123",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T20:24:11.597336Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134 Use of Externally-Controlled Format String",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T20:25:38.729Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where the authenticated configuration endpoint `/admin/_conf.jsp` writes the Wi-Fi guest password to memory with snprintf using the attacker-supplied value as the format string; a crafted password therefore triggers uncontrolled format-string processing and enables remote code execution on the controller."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T16:59:04.302Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://support.ruckuswireless.com/security_bulletins/330"
},
{
"url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-46123",
"datePublished": "2025-07-21T00:00:00.000Z",
"dateReserved": "2025-04-22T00:00:00.000Z",
"dateUpdated": "2025-07-24T20:25:38.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-44954 (GCVE-0-2025-44954)
Vulnerability from cvelistv5
Published
2025-08-04 00:00
Modified
2025-08-05 17:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1394 - Use of Default Cryptographic Key
Summary
RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-44954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T17:43:37.876639Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T17:43:44.355Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SmartZone",
"vendor": "RUCKUS",
"versions": [
{
"lessThan": "6.1.2p3 Refresh Build",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1394",
"description": "CWE-1394 Use of Default Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T16:39:22.087Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/613753"
},
{
"url": "https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+20250710/225f44ac3bd311f095821adcaa92e24e"
},
{
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2025-44954"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-44954",
"datePublished": "2025-08-04T00:00:00.000Z",
"dateReserved": "2025-04-22T00:00:00.000Z",
"dateUpdated": "2025-08-05T17:43:44.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-44957 (GCVE-0-2025-44957)
Vulnerability from cvelistv5
Published
2025-08-04 00:00
Modified
2025-08-05 17:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Summary
Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-44957",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T17:42:35.737516Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T17:42:42.726Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SmartZone",
"vendor": "RUCKUS",
"versions": [
{
"lessThan": "6.1.2p3 Refresh Build",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T16:41:04.649Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/613753"
},
{
"url": "https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+20250710/225f44ac3bd311f095821adcaa92e24e"
},
{
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2025-44957"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-44957",
"datePublished": "2025-08-04T00:00:00.000Z",
"dateReserved": "2025-04-22T00:00:00.000Z",
"dateUpdated": "2025-08-05T17:42:42.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-44962 (GCVE-0-2025-44962)
Vulnerability from cvelistv5
Published
2025-08-04 00:00
Modified
2025-08-05 17:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-24 - Path Traversal: '../filedir'
Summary
RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-44962",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T17:43:13.507793Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T17:43:19.325Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SmartZone",
"vendor": "RUCKUS",
"versions": [
{
"lessThan": "6.1.2p3 Refresh Build",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T16:40:11.641Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/613753"
},
{
"url": "https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+20250710/225f44ac3bd311f095821adcaa92e24e"
},
{
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2025-44962"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-44962",
"datePublished": "2025-08-04T00:00:00.000Z",
"dateReserved": "2025-04-22T00:00:00.000Z",
"dateUpdated": "2025-08-05T17:43:19.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46118 (GCVE-0-2025-46118)
Vulnerability from cvelistv5
Published
2025-07-21 00:00
Modified
2025-07-28 19:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279, where hard-coded credentials for the ftpuser account provide FTP access to the controller, enabling a remote attacker to upload or retrieve arbitrary files from writable firmware directories and thereby expose sensitive information or compromise the controller.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-46118",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T17:19:55.464493Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T19:37:41.834Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279, where hard-coded credentials for the ftpuser account provide FTP access to the controller, enabling a remote attacker to upload or retrieve arbitrary files from writable firmware directories and thereby expose sensitive information or compromise the controller."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T16:55:41.942Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://support.ruckuswireless.com/security_bulletins/330"
},
{
"url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-46118",
"datePublished": "2025-07-21T00:00:00.000Z",
"dateReserved": "2025-04-22T00:00:00.000Z",
"dateUpdated": "2025-07-28T19:37:41.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46122 (GCVE-0-2025-46122)
Vulnerability from cvelistv5
Published
2025-07-21 00:00
Modified
2025-07-23 17:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticated diagnostics API endpoint `/admin/_cmdstat.jsp` passes attacker-controlled input to the shell without adequate validation, enabling a remote attacker to specify a target by MAC address and execute arbitrary commands as root.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-46122",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T17:15:07.246569Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T17:16:46.566Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticated diagnostics API endpoint `/admin/_cmdstat.jsp` passes attacker-controlled input to the shell without adequate validation, enabling a remote attacker to specify a target by MAC address and execute arbitrary commands as root."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T16:58:27.395Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://support.ruckuswireless.com/security_bulletins/330"
},
{
"url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-46122",
"datePublished": "2025-07-21T00:00:00.000Z",
"dateReserved": "2025-04-22T00:00:00.000Z",
"dateUpdated": "2025-07-23T17:16:46.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46120 (GCVE-0-2025-46120)
Vulnerability from cvelistv5
Published
2025-07-21 00:00
Modified
2025-07-23 17:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a remote unauthenticated attacker who can upload a template (e.g., via FTP) to escalate privileges and run arbitrary template code on the controller.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-46120",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T17:18:14.778084Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T17:18:49.943Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a remote unauthenticated attacker who can upload a template (e.g., via FTP) to escalate privileges and run arbitrary template code on the controller."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T16:57:05.024Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://support.ruckuswireless.com/security_bulletins/330"
},
{
"url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-46120",
"datePublished": "2025-07-21T00:00:00.000Z",
"dateReserved": "2025-04-22T00:00:00.000Z",
"dateUpdated": "2025-07-23T17:18:49.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46119 (GCVE-0-2025-46119)
Vulnerability from cvelistv5
Published
2025-07-21 00:00
Modified
2025-07-23 17:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where an authenticated request to the management endpoint `/admin/_cmdstat.jsp` discloses the administrator password in a trivially reversible obfuscated form. The same obfuscation method persists in configuration prior to 200.18.7.1.302, allowing anyone who obtains the system configuration to recover the plaintext credentials.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-46119",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T17:19:14.851128Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-555",
"description": "CWE-555 J2EE Misconfiguration: Plaintext Password in Configuration File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T17:19:32.729Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where an authenticated request to the management endpoint `/admin/_cmdstat.jsp` discloses the administrator password in a trivially reversible obfuscated form. The same obfuscation method persists in configuration prior to 200.18.7.1.302, allowing anyone who obtains the system configuration to recover the plaintext credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T17:21:04.737Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://support.ruckuswireless.com/security_bulletins/330"
},
{
"url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-46119",
"datePublished": "2025-07-21T00:00:00.000Z",
"dateReserved": "2025-04-22T00:00:00.000Z",
"dateUpdated": "2025-07-23T17:19:32.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}