Ruckuswireless

Ruckus Zonedirector

8 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2025-46116

Exploit
  • EPSS 0.06%
  • Published 21.07.2025 00:00:00
  • Last modified 05.08.2025 17:17:40

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command `!v54...

9.1

CVE-2025-46117

Exploit
  • EPSS 0.11%
  • Published 21.07.2025 00:00:00
  • Last modified 05.08.2025 17:17:58

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where a hidden debug script `.ap_debug.sh` invoked from the restricted CLI does not properly sanitize...

5.3

CVE-2025-46118

Exploit
  • EPSS 0.07%
  • Published 21.07.2025 00:00:00
  • Last modified 05.08.2025 17:18:10

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279, where hard-coded credentials for the ftpuser account provide FTP access to the controller, enabling a ...

6.3

CVE-2025-46119

Exploit
  • EPSS 0.05%
  • Published 21.07.2025 00:00:00
  • Last modified 05.08.2025 17:18:27

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where an authenticated request to the management endpoint `/admin/_cmdstat.jsp` discloses the adminis...

9.8

CVE-2025-46120

Exploit
  • EPSS 1.14%
  • Published 21.07.2025 00:00:00
  • Last modified 05.08.2025 17:18:32

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templa...

9.8

CVE-2025-46121

Exploit
  • EPSS 0.65%
  • Published 21.07.2025 00:00:00
  • Last modified 05.08.2025 17:18:43

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the functions `stamgr_cfg_adpt_addStaFavourite` and `stamgr_cfg_adpt_addStaIot` pass a client hostname directly to snprintf as the format string....

9.1

CVE-2025-46122

Exploit
  • EPSS 0.31%
  • Published 21.07.2025 00:00:00
  • Last modified 05.08.2025 17:18:47

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticated diagnostics API endpoint `/admin/_cmdstat.jsp` passes attacker-controlled input to the shell without adequate validation, enabl...

7.2

CVE-2025-46123

Exploit
  • EPSS 0.58%
  • Published 21.07.2025 00:00:00
  • Last modified 05.08.2025 17:18:56

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where the authenticated configuration endpoint `/admin/_conf.jsp` writes the Wi-Fi guest password to ...