178 matches found
CVE-2021-33216
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account...
CVE-2021-33215
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The API allows Directory Traversal...
CVE-2021-33215
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The API allows Directory Traversal...
Hardcoded credentials
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist...
Hardcoded credentials
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts...
Design/Logic Flaw
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account...
Hardcoded credentials
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access...
Design/Logic Flaw
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root...
Directory traversal
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The API allows Directory Traversal...
CVE-2021-33221
CommScope Ruckus IoT Controller (1.7.1.0 and earlier) exposes unauthenticated API endpoints. The Nuclei template details a service-details endpoint that leaks system/config data (DNS/NTP, hostname, version, etc.), a diagnostic endpoint that can generate CPU/disk-heavy files, and a reset endpoint ...
CVE-2021-33221
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Unauthenticated API Endpoints...
CVE-2021-33220
CVE-2021-33220 affects CommScope Ruckus IoT Controller, version 1.7.1.0 and earlier. The vulnerability stems from hard-coded API keys embedded in the OVA image and web application code, which can be exposed when the filesystem is mounted. Reported impact includes exposure of API keys that can be ...
CVE-2021-33220
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist...
CVE-2021-33219
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts...
CVE-2021-33219
CVE-2021-33219 affects CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The vulnerability is caused by a hard-coded web application administrator password for the accounts named admin and nplus1user , described as an undocumented administrative-level credential that cannot be changed by the c...
CVE-2021-33218
CVE-2021-33218 affects CommScope Ruckus IoT Controller
CVE-2021-33218
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access...
CVE-2021-33217
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root...
CVE-2021-33217
CVE-2021-33217 affects CommScope Ruckus IoT Controller (1.7.1.0 and earlier). The web application uses a node-red NodeJS module with root privileges, allowing authenticated users to read/write arbitrary files on the device filesystem via the web UI and API (e.g., POST to /node-red/flows to access...
CVE-2021-33216
CVE-2021-33216 affects CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An undocumented backdoor exists via an upgrade account (vriotiotupgrade) with SSH/SCP access, enabled by an authorized_keys entry and restricted rssh configuration, enabling shell access when the OVA is mounted. Documente...