CVE-2020-26878

🗓️ 26 Oct 2020 19:13:47Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 82 Views🌐 WEB

Ruckus 1.5.1.0.21 remote command injection via authenticated use

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2020-26878	27 Oct 202020:10	–	circl
Check Point Advisories	Ruckus IoT Controller Web UI Command Injection (CVE-2020-26878)	21 Nov 202000:00	–	checkpoint_advisories
Cvelist	CVE-2020-26878	26 Oct 202019:13	–	cvelist
Exploit DB	Ruckus IoT Controller (Ruckus vRIoT) 1.5.1.0.21 - Remote Code Execution	27 Nov 202000:00	–	exploitdb
NVD	CVE-2020-26878	26 Oct 202020:15	–	nvd
Packet Storm	Ruckus IoT Controller 1.5.1.0.21 Remote Code Execution	27 Nov 202000:00	–	packetstorm
Prion	Command injection	26 Oct 202020:15	–	prion
RedhatCVE	CVE-2020-26878	22 May 202515:24	–	redhatcve
ThreatPost	ZuoRAT Can Take Over Widely Used SOHO Routers	30 Jun 202217:20	–	threatpost
VulnCheck KEV	VulnCheck KEV: CVE-2020-26878	28 Jun 202200:00	–	vulncheck_kev

NVD

Node

commscope ruckus_vriotRange≤1.5.1.0.21

AND

commscope ruckus_iot_moduleMatch-

Source	Link
x-c3ll	www.x-c3ll.github.io/
support	www.support.ruckuswireless.com/documents
adepts	www.adepts.of0x.cc/ruckus-vriot-rce/
adepts	www.adepts.of0x.cc/
twitter	www.twitter.com/TheXC3LL
support	www.support.ruckuswireless.com/security_bulletins/305

Parameter	Position	Path	Description	CWE
username	request body	/service/v1/createUser	Remote command injection via createUser API accepting username payload executed as root	CWE-78

21 Nov 2024 05:20Current

8.9High risk

Vulners AI Score8.9

CVSS 3.18.8

CVSS 29

EPSS0.62973

ruckus 1.5.1.0.21 remote command injection authenticated user api web.py cve-2020-26878 nvd