6.3

CVE-2025-46119

Exploit

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where an authenticated request to the management endpoint `/admin/_cmdstat.jsp` discloses the administrator password in a trivially reversible obfuscated form. The same obfuscation method persists in configuration prior to 200.18.7.1.302, allowing anyone who obtains the system configuration to recover the plaintext credentials.

Data is provided by the National Vulnerability Database (NVD)
RuckuswirelessRuckus Unleashed Version < 200.15.6.212.14
   CommscopeRuckus C110 Version-
   CommscopeRuckus E510 Version-
   CommscopeRuckus H320 Version-
   CommscopeRuckus H350 Version-
   CommscopeRuckus H510 Version-
   CommscopeRuckus H550 Version-
   CommscopeRuckus M510 Version-
   CommscopeRuckus M510-jp Version-
   CommscopeRuckus R310 Version-
   CommscopeRuckus R320 Version-
   CommscopeRuckus R350 Version-
   CommscopeRuckus R350e Version-
   CommscopeRuckus R510 Version-
   CommscopeRuckus R550 Version-
   CommscopeRuckus R560 Version-
   CommscopeRuckus R610 Version-
   CommscopeRuckus R650 Version-
   CommscopeRuckus R670 Version-
   CommscopeRuckus R710 Version-
   CommscopeRuckus R720 Version-
   CommscopeRuckus R730 Version-
   CommscopeRuckus R750 Version-
   CommscopeRuckus R760 Version-
   CommscopeRuckus R770 Version-
   CommscopeRuckus R850 Version-
   CommscopeRuckus T310c Version-
   CommscopeRuckus T310n Version-
   CommscopeRuckus T310s Version-
   CommscopeRuckus T350c Version-
   CommscopeRuckus T350d Version-
   CommscopeRuckus T350se Version-
   CommscopeRuckus T610 Version-
   CommscopeRuckus T670 Version-
   CommscopeRuckus T710 Version-
   CommscopeRuckus T710s Version-
   CommscopeRuckus T750 Version-
   CommscopeRuckus T750se Version-
   CommscopeRuckus T811-cm Version-
   CommscopeZonedirector 1200 Version-
RuckuswirelessRuckus Unleashed Version >= 200.17 < 200.17.7.0.139
   CommscopeRuckus C110 Version-
   CommscopeRuckus E510 Version-
   CommscopeRuckus H320 Version-
   CommscopeRuckus H350 Version-
   CommscopeRuckus H510 Version-
   CommscopeRuckus H550 Version-
   CommscopeRuckus M510 Version-
   CommscopeRuckus M510-jp Version-
   CommscopeRuckus R310 Version-
   CommscopeRuckus R320 Version-
   CommscopeRuckus R350 Version-
   CommscopeRuckus R350e Version-
   CommscopeRuckus R510 Version-
   CommscopeRuckus R550 Version-
   CommscopeRuckus R560 Version-
   CommscopeRuckus R610 Version-
   CommscopeRuckus R650 Version-
   CommscopeRuckus R670 Version-
   CommscopeRuckus R710 Version-
   CommscopeRuckus R720 Version-
   CommscopeRuckus R730 Version-
   CommscopeRuckus R750 Version-
   CommscopeRuckus R760 Version-
   CommscopeRuckus R770 Version-
   CommscopeRuckus R850 Version-
   CommscopeRuckus T310c Version-
   CommscopeRuckus T310n Version-
   CommscopeRuckus T310s Version-
   CommscopeRuckus T350c Version-
   CommscopeRuckus T350d Version-
   CommscopeRuckus T350se Version-
   CommscopeRuckus T610 Version-
   CommscopeRuckus T670 Version-
   CommscopeRuckus T710 Version-
   CommscopeRuckus T710s Version-
   CommscopeRuckus T750 Version-
   CommscopeRuckus T750se Version-
   CommscopeRuckus T811-cm Version-
   CommscopeZonedirector 1200 Version-
RuckuswirelessRuckus Zonedirector Version < 10.5.1.0.279
   CommscopeRuckus C110 Version-
   CommscopeRuckus E510 Version-
   CommscopeRuckus H320 Version-
   CommscopeRuckus H350 Version-
   CommscopeRuckus H510 Version-
   CommscopeRuckus H550 Version-
   CommscopeRuckus M510 Version-
   CommscopeRuckus M510-jp Version-
   CommscopeRuckus R310 Version-
   CommscopeRuckus R320 Version-
   CommscopeRuckus R350 Version-
   CommscopeRuckus R350e Version-
   CommscopeRuckus R510 Version-
   CommscopeRuckus R550 Version-
   CommscopeRuckus R560 Version-
   CommscopeRuckus R610 Version-
   CommscopeRuckus R650 Version-
   CommscopeRuckus R670 Version-
   CommscopeRuckus R710 Version-
   CommscopeRuckus R720 Version-
   CommscopeRuckus R730 Version-
   CommscopeRuckus R750 Version-
   CommscopeRuckus R760 Version-
   CommscopeRuckus R770 Version-
   CommscopeRuckus R850 Version-
   CommscopeRuckus T310c Version-
   CommscopeRuckus T310n Version-
   CommscopeRuckus T310s Version-
   CommscopeRuckus T350c Version-
   CommscopeRuckus T350d Version-
   CommscopeRuckus T350se Version-
   CommscopeRuckus T610 Version-
   CommscopeRuckus T670 Version-
   CommscopeRuckus T710 Version-
   CommscopeRuckus T710s Version-
   CommscopeRuckus T750 Version-
   CommscopeRuckus T750se Version-
   CommscopeRuckus T811-cm Version-
   CommscopeZonedirector 1200 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.05% 0.156
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.3 2.8 3.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE-555 J2EE Misconfiguration: Plaintext Password in Configuration File

The J2EE application stores a plaintext password in a configuration file.