178 matches found

0day.today
added 2021/05/27 12:0 a.m., 60 views

CommScope Ruckus IoT Controller 1.7.1.0 Undocumented Account Vulnerability

An upgrade account is included in the IoT Controller OVA that provides the vendor undocumented access via Secure Copy SCP. 1. Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-798:...

9.8 CVSS, 0.5 AI score, 0.34677 EPSS
Exploits: 5

CNNVD
added 2021/05/27 12:0 a.m., 2 views

CommScope Ruckus IoT Controller Trust Management Issue Vulnerability

The CommScope Ruckus IoT Controller is an IoT controller from CommScope, Inc.: a virtual controller that integrates with the SmartZone controller to perform connectivity, device and security management functions for non-Wi-Fi devices. A trust management issue vulnerability exists in...

9.8 CVSS, 8.2 AI score, 0.00706 EPSS
Exploits: 6, References: 5

Packet Storm
added 2021/05/27 12:0 a.m., 253 views

CommScope Ruckus IoT Controller 1.7.1.0 Undocumented Account

KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account Title: CommScope Ruckus IoT Controller Undocumented Account Advisory ID: KL-001-2021-007 Publication Date: 2021.05.26 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-007.txt 1. Vulnerability Details...

7.5 CVSS, 0.4 AI score, 0.34677 EPSS
Exploits: 5

KoreLogic Security
added 2021/05/26 12:0 a.m., 26 views

CommScope Ruckus IoT Controller Hard-coded API Keys Exposed

Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-798: Use of Hard-coded Credentials CVE ID: CVE-2021-33220 2. Vulnerability Description API keys for CommScope Ruckus are included...

7.8 CVSS, 0.4 AI score, 0.00047 EPSS
Exploits: 2, Affected Software: 1

KoreLogic Security
added 2021/05/26 12:0 a.m., 32 views

CommScope Ruckus IoT Controller Unauthenticated API Endpoints

Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-306: Missing Authentication for Critical Function CVE ID: CVE-2021-33221 2. Vulnerability Description Three API endpoints for the...

9.8 CVSS, 0.3 AI score, 0.91227 EPSS
Exploits: 3, Affected Software: 1

KoreLogic Security
added 2021/05/26 12:0 a.m., 30 views

CommScope Ruckus IoT Controller Hard-coded System Passwords

Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-259: Use of Hard-coded Password CVE ID: CVE-2021-33218 2. Vulnerability Description Hard coded, system-level credentials exist on...

10 CVSS, 0.2 AI score, 0.0125 EPSS
Exploits: 4, Affected Software: 1

KoreLogic Security
added 2021/05/26 12:0 a.m., 33 views

CommScope Ruckus IoT Controller Undocumented Account

Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-798: Use of Hard-coded Credentials, CWE-912: Hidden Functionality CVE ID: CVE-2021-33216 2. Vulnerability Description An upgrade...

9.8 CVSS, 0.7 AI score, 0.34677 EPSS
Exploits: 4, Affected Software: 1

KoreLogic Security
added 2021/05/26 12:0 a.m., 27 views

CommScope Ruckus IoT Controller Web Application Directory Traversal

Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', CWE-250: Execution with Unnecessary Privileges...

9.8 CVSS, 1.5 AI score, 0.00706 EPSS
Exploits: 6, Affected Software: 1

KoreLogic Security
added 2021/05/26 12:0 a.m., 33 views

CommScope Ruckus IoT Controller Hard-coded Web Application Administrator Password

Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-259: Use of Hard-coded Password CVE ID: CVE-2021-33219 2. Vulnerability Description An undocumented, administrative-level, hard...

9.8 CVSS, 0.3 AI score, 0.00706 EPSS
Exploits: 6, Affected Software: 1

CNVD
added 2020/05/06 12:0 a.m., 2 views

CommScope Ruckus ZoneFlex R500 Cross-Site Scripting Vulnerability

CommScope Ruckus ZoneFlex R500 is a wireless access point product from CommScope, Inc. A cross-site scripting vulnerability exists in CommScope Ruckus ZoneFlex R500 version 3.4.2.0.384. No details of the vulnerability are provided at this time...

6.1 CVSS, 6.2 AI score, 0.0024 EPSS
Exploits: 1, References: 1

NVD
added 2019/08/29 6:15 p.m., 9 views

CVE-2019-15806

CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/basicsett.html. Any user connected to the Wi-Fi can exploit this...

9.8 CVSS, 9.8 AI score, 0.0023 EPSS
Exploits: 0, References: 1

NVD
added 2019/08/29 6:15 p.m., 10 views

CVE-2019-15805

CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this...

9.8 CVSS, 9.8 AI score, 0.0023 EPSS
Exploits: 0, References: 1

Prion
added 2019/08/29 6:15 p.m., 15 views

Authentication flaw

CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this...

7.5 CVSS, 9.7 AI score, 0.0023 EPSS
Exploits: 0, References: 1, Affected Software: 1

Prion
added 2019/08/29 6:15 p.m., 17 views

Authentication flaw

CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/basicsett.html. Any user connected to the Wi-Fi can exploit this...

7.5 CVSS, 9.7 AI score, 0.0023 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2019/08/29 5:21 p.m., 14 views

CVE-2019-15805

CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this...

9.8 AI score, 0.0023 EPSS
Exploits: 0, References: 1

CVE
added 2019/08/29 5:21 p.m., 35 views

CVE-2019-15805

The CVE-2019-15805 entry concerns CommScope ARRIS TR4400 routers. Affected firmware versions up to A1.00.004-180301 expose the current password encoded in base64 on the login.html page (http://192.168.1.1/login.html), enabling an authentication bypass. Impact is described as high (CVSS3 base scor...

9.8 CVSS, 9.7 AI score, 0.0023 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2019/08/29 5:21 p.m., 14 views

CVE-2019-15806

CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/basicsett.html. Any user connected to the Wi-Fi can exploit this...

9.8 AI score, 0.0023 EPSS
Exploits: 0, References: 1

CVE
added 2019/08/29 5:21 p.m., 35 views

CVE-2019-15806

The CVE-2019-15806 entry affects CommScope ARRIS TR4400 devices with firmware A1.00.004-180301, which are vulnerable to an authentication bypass of the administrative interface. The issue arises because the firmware exposes the current base64-encoded password within http://192.168.1.1/basic_sett....

9.8 CVSS, 9.7 AI score, 0.0023 EPSS
Exploits: 0, References: 1, Affected Software: 1