fkie_nvd - fkie_cve-2025-46117

fkie_cve-2025-46117

Vulnerability from fkie_nvd

Published

2025-07-21 15:15

Modified

2025-08-05 17:17

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Summary

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where a hidden debug script `.ap_debug.sh` invoked from the restricted CLI does not properly sanitize its input, allowing an authenticated attacker to execute arbitrary commands as root on the controller or specified target.

References

▶	URL	Tags
	cve@mitre.org	https://sector7.computest.nl/post/2025-07-ruckus-unleashed/	Exploit, Third Party Advisory
	cve@mitre.org	https://support.ruckuswireless.com/security_bulletins/330	Product

Impacted products

Vendor	Product	Version
ruckuswireless	ruckus_unleashed	*
ruckuswireless	ruckus_unleashed	*
ruckuswireless	ruckus_zonedirector	*
commscope	ruckus_c110	-
commscope	ruckus_e510	-
commscope	ruckus_h320	-
commscope	ruckus_h350	-
commscope	ruckus_h510	-
commscope	ruckus_h550	-
commscope	ruckus_m510	-
commscope	ruckus_m510-jp	-
commscope	ruckus_r310	-
commscope	ruckus_r320	-
commscope	ruckus_r350	-
commscope	ruckus_r350e	-
commscope	ruckus_r510	-
commscope	ruckus_r550	-
commscope	ruckus_r560	-
commscope	ruckus_r610	-
commscope	ruckus_r650	-
commscope	ruckus_r670	-
commscope	ruckus_r710	-
commscope	ruckus_r720	-
commscope	ruckus_r730	-
commscope	ruckus_r750	-
commscope	ruckus_r760	-
commscope	ruckus_r770	-
commscope	ruckus_r850	-
commscope	ruckus_t310c	-
commscope	ruckus_t310n	-
commscope	ruckus_t310s	-
commscope	ruckus_t350c	-
commscope	ruckus_t350d	-
commscope	ruckus_t350se	-
commscope	ruckus_t610	-
commscope	ruckus_t670	-
commscope	ruckus_t710	-
commscope	ruckus_t710s	-
commscope	ruckus_t750	-
commscope	ruckus_t750se	-
commscope	ruckus_t811-cm	-
commscope	ruckus_t811-cm_\(non-sfp\)	-
commscope	zonedirector_1200	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8933A8DB-2169-4969-857D-65FCC5A2687E",
              "versionEndExcluding": "200.15.6.212.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BF7ACF7-77A1-497E-991F-F8015017FF6B",
              "versionEndExcluding": "200.17.7.0.139",
              "versionStartIncluding": "200.17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruckuswireless:ruckus_zonedirector:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "31CEC229-C1CD-471D-93EC-BF4629393864",
              "versionEndExcluding": "10.5.1.0.279",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "84B1EC30-ACC3-4141-A149-F2C912AEDC2B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1CB277A-B51A-4EF6-9B60-26E42DB466A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EDE59EC-811F-4A5E-A4DE-C3289D8A049A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "37C8E333-5C44-44BB-842F-FCDA8D8D5831",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CABADA0-2CC3-4218-BE64-7014F21166CD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_h550:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DC533A1-7998-4363-9D94-E1472F22DE87",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "75F9B4E2-6E5B-4C96-A46F-06450BB81E68",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_m510-jp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "028EEF4A-5A5B-4662-A5AA-B027EF66DF2B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r310:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BA2F043-9743-4FC9-AF74-20FAC503C2F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D165B27E-AA69-446F-916F-AF26E30510CA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r350:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BD23474-CBFE-4575-A2DA-431C0D74E2EE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r350e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "208776B7-AC2A-445F-A26F-5C072EFEED0E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB605D38-A71B-44FF-909D-D34348491EA8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r550:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D2D26C-E53C-41E2-9EB7-653CBF5A49E7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E547E2A0-86E7-438C-9602-A2ECB247A84C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3A5E2C5-E261-4FA6-AB5E-D651110C80CB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "44C800DC-82C3-4240-B2C0-18433FED4E3B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r670:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1677A804-8DE7-4191-8E84-9ADAE9E8269E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22845768-F360-46EC-BB48-2A68A4B6A2C8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89E38958-2FEB-4945-81E0-522BD1136D26",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D8F47E7-791A-44E8-A62C-B4D0F4AF80BD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2A5668-2EDB-4E93-A4FA-88FCBCC057B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r760:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "473AC82B-6A00-4076-A043-E4854DA09C3E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r770:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "554AE543-CC27-4109-9F0C-E17BF2A4E22F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_r850:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E815A2-09BC-4FF8-B38C-8857E626ACA1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0777F3E0-7F95-49B4-B488-5550FF922E9E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23A4DF46-52A7-4F47-B9EB-8F3A1D0261DA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD0D8BF0-5736-44F7-8B9C-6BDCF97FF5C9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t350c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBCA0728-C62C-429B-ABA0-A8F853543A0F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t350d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDB7F8C-9DF1-47B4-8E82-95003744CC0B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B4ED697-139A-4679-85D5-3992DEA8BB44",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t610:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5F3A97-6FC5-4592-8304-43070120AA3A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t670:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACE01A53-D787-4240-BF0F-EDC8BF51D6D1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t710:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E23CE29C-210E-44C0-B4CF-01F2889B671D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t710s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD7A8265-2895-42FF-BF64-76C73CF67112",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "29911530-47EC-4865-9965-72D101827F1A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C83392A-1656-473F-9F08-C3CC89FDF3FA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t811-cm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C49E0DC-A33C-43F3-9278-5341C1842FA6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:ruckus_t811-cm_\\(non-sfp\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFDE6F6D-DC10-4C72-BDEC-0B1CB7DCCEA9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:commscope:zonedirector_1200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB4E62C-2532-41A9-9F1E-737D3E4DD008",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where a hidden debug script `.ap_debug.sh` invoked from the restricted CLI does not properly sanitize its input, allowing an authenticated attacker to execute arbitrary commands as root on the controller or specified target."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en CommScope Ruckus Unleashed anterior a 200.15.6.212.14 y 200.17.7.0.139, y en Ruckus ZoneDirector anterior a 10.5.1.0.279, donde un script de depuraci\u00f3n oculto `.ap_debug.sh` invocado desde la CLI no depura correctamente su entrada, lo que permite que un atacante autenticado ejecute comandos arbitrarios como root en el controlador o el objetivo especificado."
    }
  ],
  "id": "CVE-2025-46117",
  "lastModified": "2025-08-05T17:17:58.943",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 6.0,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-07-21T15:15:27.823",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://support.ruckuswireless.com/security_bulletins/330"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CVE-2025-46117 (GCVE-0-2025-46117)

Vulnerability from cvelistv5

Published

2025-07-21 00:00