fkie_cve-2025-44960
Vulnerability from fkie_nvd
Published
2025-08-04 17:15
Modified
2025-08-07 17:59
Severity ?
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://claroty.com/team82/disclosure-dashboard/cve-2025-44960 | Third Party Advisory | |
| cve@mitre.org | https://kb.cert.org/vuls/id/613753 | Third Party Advisory, US Government Resource | |
| cve@mitre.org | https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+20250710/225f44ac3bd311f095821adcaa92e24e | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44F784A1-3FFC-4D0D-AA1C-79FC658C3427",
"versionEndExcluding": "6.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:6.1.2:-:*:*:*:*:*:*",
"matchCriteriaId": "03388446-4CF1-44E7-B065-C2757F1FB268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:6.1.2:p2:*:*:*:*:*:*",
"matchCriteriaId": "E24AB619-53C8-4D85-B7F4-3DD539CE4423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:6.1.2:p3:*:*:*:*:*:*",
"matchCriteriaId": "C27F9A43-95AD-447E-AA4F-1E76AEC465B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A03C572-D1A0-4C4A-A57B-6A7272A656CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:commscope:ruckus_smartzone_firmware:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "656A9814-B5F2-40C7-BC9E-E3F94873955E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:commscope:ruckus_virtual_smartzone:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4279B64A-E14F-4C35-833E-1BE754BA938A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:commscope:ruckus_virtual_smartzone-federal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5F3960-145C-4263-9758-7E8F23697728",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84B1EC30-ACC3-4141-A149-F2C912AEDC2B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CB277A-B51A-4EF6-9B60-26E42DB466A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EDE59EC-811F-4A5E-A4DE-C3289D8A049A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37C8E333-5C44-44BB-842F-FCDA8D8D5831",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CABADA0-2CC3-4218-BE64-7014F21166CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75F9B4E2-6E5B-4C96-A46F-06450BB81E68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D165B27E-AA69-446F-916F-AF26E30510CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB605D38-A71B-44FF-909D-D34348491EA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E547E2A0-86E7-438C-9602-A2ECB247A84C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3A5E2C5-E261-4FA6-AB5E-D651110C80CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22845768-F360-46EC-BB48-2A68A4B6A2C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89E38958-2FEB-4945-81E0-522BD1136D26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D8F47E7-791A-44E8-A62C-B4D0F4AF80BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2A5668-2EDB-4E93-A4FA-88FCBCC057B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47D9D0D-0FB1-4E47-9249-A82EC9581198",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_100-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C02B87AD-DEEA-4041-B5BC-CDF208208619",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_144:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E724D3AC-394D-4413-8CCE-AC288221A491",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_144-federal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0CB514-5AA1-4051-8C0E-FF9B1279EC7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4AE1274-1D3E-4357-BA8D-073E37F56738",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_smartzone_300-federal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7A47BFA-B68B-475B-AB3B-5E5C083BC907",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0777F3E0-7F95-49B4-B488-5550FF922E9E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07675BAE-5475-4F6C-9229-65BD92338F5B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A4DF46-52A7-4F47-B9EB-8F3A1D0261DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0D8BF0-5736-44F7-8B9C-6BDCF97FF5C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B4ED697-139A-4679-85D5-3992DEA8BB44",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29911530-47EC-4865-9965-72D101827F1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C83392A-1656-473F-9F08-C3CC89FDF3FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:commscope:ruckus_network_director:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA45EF06-28C7-41D8-BBAC-671095FB29A5",
"versionEndExcluding": "4.5.0.51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route."
},
{
"lang": "es",
"value": "La compilaci\u00f3n de actualizaci\u00f3n de RUCKUS SmartZone (SZ) anterior a la versi\u00f3n 6.1.2p3 permite la inyecci\u00f3n de comandos del sistema operativo a trav\u00e9s de un determinado par\u00e1metro en una ruta API."
}
],
"id": "CVE-2025-44960",
"lastModified": "2025-08-07T17:59:12.387",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-08-04T17:15:30.050",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2025-44960"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/613753"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+20250710/225f44ac3bd311f095821adcaa92e24e"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cve@mitre.org",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…