7.2

CVE-2025-46123

Exploit

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where the authenticated configuration endpoint `/admin/_conf.jsp` writes the Wi-Fi guest password to memory with snprintf using the attacker-supplied value as the format string; a crafted password therefore triggers uncontrolled format-string processing and enables remote code execution on the controller.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RuckuswirelessRuckus Unleashed Version < 200.15.6.212.14
   CommscopeRuckus C110 Version-
   CommscopeRuckus E510 Version-
   CommscopeRuckus H320 Version-
   CommscopeRuckus H350 Version-
   CommscopeRuckus H510 Version-
   CommscopeRuckus H550 Version-
   CommscopeRuckus M510 Version-
   CommscopeRuckus M510-jp Version-
   CommscopeRuckus R310 Version-
   CommscopeRuckus R320 Version-
   CommscopeRuckus R350 Version-
   CommscopeRuckus R350e Version-
   CommscopeRuckus R510 Version-
   CommscopeRuckus R550 Version-
   CommscopeRuckus R560 Version-
   CommscopeRuckus R610 Version-
   CommscopeRuckus R650 Version-
   CommscopeRuckus R670 Version-
   CommscopeRuckus R710 Version-
   CommscopeRuckus R720 Version-
   CommscopeRuckus R730 Version-
   CommscopeRuckus R750 Version-
   CommscopeRuckus R760 Version-
   CommscopeRuckus R770 Version-
   CommscopeRuckus R850 Version-
   CommscopeRuckus T310c Version-
   CommscopeRuckus T310n Version-
   CommscopeRuckus T310s Version-
   CommscopeRuckus T350c Version-
   CommscopeRuckus T350d Version-
   CommscopeRuckus T350se Version-
   CommscopeRuckus T610 Version-
   CommscopeRuckus T670 Version-
   CommscopeRuckus T710 Version-
   CommscopeRuckus T710s Version-
   CommscopeRuckus T750 Version-
   CommscopeRuckus T750se Version-
   CommscopeRuckus T811-cm Version-
   CommscopeZonedirector 1200 Version-
RuckuswirelessRuckus Unleashed Version >= 200.17 < 200.17.7.0.139
   CommscopeRuckus C110 Version-
   CommscopeRuckus E510 Version-
   CommscopeRuckus H320 Version-
   CommscopeRuckus H350 Version-
   CommscopeRuckus H510 Version-
   CommscopeRuckus H550 Version-
   CommscopeRuckus M510 Version-
   CommscopeRuckus M510-jp Version-
   CommscopeRuckus R310 Version-
   CommscopeRuckus R320 Version-
   CommscopeRuckus R350 Version-
   CommscopeRuckus R350e Version-
   CommscopeRuckus R510 Version-
   CommscopeRuckus R550 Version-
   CommscopeRuckus R560 Version-
   CommscopeRuckus R610 Version-
   CommscopeRuckus R650 Version-
   CommscopeRuckus R670 Version-
   CommscopeRuckus R710 Version-
   CommscopeRuckus R720 Version-
   CommscopeRuckus R730 Version-
   CommscopeRuckus R750 Version-
   CommscopeRuckus R760 Version-
   CommscopeRuckus R770 Version-
   CommscopeRuckus R850 Version-
   CommscopeRuckus T310c Version-
   CommscopeRuckus T310n Version-
   CommscopeRuckus T310s Version-
   CommscopeRuckus T350c Version-
   CommscopeRuckus T350d Version-
   CommscopeRuckus T350se Version-
   CommscopeRuckus T610 Version-
   CommscopeRuckus T670 Version-
   CommscopeRuckus T710 Version-
   CommscopeRuckus T710s Version-
   CommscopeRuckus T750 Version-
   CommscopeRuckus T750se Version-
   CommscopeRuckus T811-cm Version-
   CommscopeZonedirector 1200 Version-
RuckuswirelessRuckus Zonedirector Version < 10.5.1.0.279
   CommscopeRuckus C110 Version-
   CommscopeRuckus E510 Version-
   CommscopeRuckus H320 Version-
   CommscopeRuckus H350 Version-
   CommscopeRuckus H510 Version-
   CommscopeRuckus H550 Version-
   CommscopeRuckus M510 Version-
   CommscopeRuckus M510-jp Version-
   CommscopeRuckus R310 Version-
   CommscopeRuckus R320 Version-
   CommscopeRuckus R350 Version-
   CommscopeRuckus R350e Version-
   CommscopeRuckus R510 Version-
   CommscopeRuckus R550 Version-
   CommscopeRuckus R560 Version-
   CommscopeRuckus R610 Version-
   CommscopeRuckus R650 Version-
   CommscopeRuckus R670 Version-
   CommscopeRuckus R710 Version-
   CommscopeRuckus R720 Version-
   CommscopeRuckus R730 Version-
   CommscopeRuckus R750 Version-
   CommscopeRuckus R760 Version-
   CommscopeRuckus R770 Version-
   CommscopeRuckus R850 Version-
   CommscopeRuckus T310c Version-
   CommscopeRuckus T310n Version-
   CommscopeRuckus T310s Version-
   CommscopeRuckus T350c Version-
   CommscopeRuckus T350d Version-
   CommscopeRuckus T350se Version-
   CommscopeRuckus T610 Version-
   CommscopeRuckus T670 Version-
   CommscopeRuckus T710 Version-
   CommscopeRuckus T710s Version-
   CommscopeRuckus T750 Version-
   CommscopeRuckus T750se Version-
   CommscopeRuckus T811-cm Version-
   CommscopeZonedirector 1200 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.58% 0.679
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.