3 matches found
VulnCheck KEV: CVE-2020-26878
Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API /service/v1/createUser endpoint, injecting arbitrary commands that will be executed as root user via web.py...
Ruckus Networks Ruckus vRioT Trust Management Issues Vulnerability
Ruckus Networks Ruckus vRioT is a software based on Bluetooth, ZigBee, LoRa to realize endpoint connectivity from Ruckus Networks, USA. A trust management issue vulnerability exists in Ruckus Networks Ruckus vRioT versions prior to 1.5.1.0.21. The vulnerability stems from the fact that Ruckus vRi...
CVE-2020-26878
CVE-2020-26878 affects Ruckus IoT Controller (Ruckus vRIoT) up to version 1.5.1.0.21. An authenticated user can submit a crafted request to the API at /service/v1/createUser, injecting commands that are executed with root privileges via web.py. Public sources document this as a remote command-inj...