Lucene search
+L

179 matches found

cvelist
cvelist
added 2021/07/07 2:6 p.m.39 views

CVE-2021-33216

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account...

9.6AI score0.13773EPSS
Exploits4References2
cve
cve
added 2021/07/07 2:6 p.m.84 views

CVE-2021-33216

CVE-2021-33216 affects CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An undocumented backdoor exists via an upgrade account (vriotiotupgrade) with SSH/SCP access, enabled by an authorized_keys entry and restricted rssh configuration, enabling shell access when the OVA is mounted. Documente...

9.8CVSS9.3AI score0.13773EPSS
Exploits4References2Affected Software1
cvelist
cvelist
added 2021/07/07 2:4 p.m.42 views

CVE-2021-33215

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The API allows Directory Traversal...

5.9AI score0.01193EPSS
Exploits2References2
cve
cve
added 2021/07/07 2:4 p.m.91 views

CVE-2021-33215

CVE-2021-33215 affects CommScope Ruckus IoT Controller (versions 1.7.1.0 and earlier). The vulnerability is a directory traversal in the web interface (via the Python web.py in the Dockerized webservice), allowing an authenticated attacker to view files outside the restricted directory. The vulne...

4.3CVSS6.6AI score0.01193EPSS
Exploits2References2Affected Software1
ptsecurity
ptsecurity
added 2021/05/31 12:0 a.m.5 views

PT-2021-20086 · Commscope · Commscope Ruckus Iot Controller

Name of the Vulnerable Software and Affected Versions: CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier Description: An issue exists in the CommScope Ruckus IoT Controller, where an undocumented backdoor allows shell access via a developer account. This backdoor enables unauthorized...

9.8CVSS9.3AI score0.13773EPSS
Exploits4References5
packetstorm
packetstorm
added 2021/05/27 12:0 a.m.245 views

CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded API Keys Exposed

KL-001-2021-002: CommScope Ruckus IoT Controller Hard-coded API Keys Exposed Title: CommScope Ruckus IoT Controller Hard-coded API Keys Exposed Advisory ID: KL-001-2021-002 Publication Date: 2021.05.26 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-002.txt 1. Vulnerabilit...

7.7AI score0.00254EPSS
Exploits2
cnnvd
cnnvd
added 2021/05/27 12:0 a.m.7 views

CommScope Ruckus IoT Controller 路径遍历漏洞

The Commscope CommScope Ruckus IoT Controller is an IoT controller from Commscope, Inc. A virtual controller that integrates with the SmartZone controller to perform connectivity, device and security management functions for non-Wi-Fi devices. A path traversal vulnerability exists in the CommScop...

4.3CVSS5.4AI score0.01193EPSS
Exploits2References5
cnnvd
cnnvd
added 2021/05/27 12:0 a.m.8 views

CommScope Ruckus IoT Controller 信任管理问题漏洞

The Commscope CommScope Ruckus IoT Controller is an IoT controller from Commscope, Inc. A virtual controller that integrates with the SmartZone controller to perform connectivity, device and security management functions for non-Wi-Fi devices. A trust management issue vulnerability exists in the...

10CVSS8.3AI score0.02304EPSS
Exploits4References5
cnnvd
cnnvd
added 2021/05/27 12:0 a.m.4 views

CommScope Ruckus IoT Controller 安全漏洞

The Commscope CommScope Ruckus IoT Controller is an IoT controller from Commscope, Inc. A virtual controller that integrates with the SmartZone controller to perform connectivity, device and security management functions for non-Wi-Fi devices. A security vulnerability exists in the IoT Controller...

9.8CVSS7.8AI score0.13773EPSS
Exploits4References7
zdt
zdt
added 2021/05/27 12:0 a.m.59 views

CommScope Ruckus IoT Controller 1.7.1.0 Unauthenticated API Endpoints Vulnerability

Three API endpoints for the IoT Controller are accessible without authentication. Two of the endpoints result in information leakage and consumption of computing/storage resources. The third API endpoint that does not require authentication allows for a factory reset of the IoT Controller...

9.8CVSS0.2AI score0.5699EPSS
Exploits3
zdt
zdt
added 2021/05/27 12:0 a.m.57 views

CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded Web Application Administrator Password

An undocumented, administrative-level, hard-coded web application account exists in the IoT Controller OVA which cannot be changed by the customer. CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded Web Application Administrator Password Vulnerability 1. Vulnerability Details Affected Vendor:...

9.8CVSS0.4AI score0.0215EPSS
Exploits6
zdt
zdt
added 2021/05/27 12:0 a.m.77 views

CommScope Ruckus IoT Controller 1.7.1.0 Web Application Directory Traversal Vulnerability

A Python script web.py for a Dockerized webservice contains a directory traversal vulnerability, which can be leveraged by an authenticated attacker to view the contents of directories on the IoT Controller. CommScope Ruckus IoT Controller 1.7.1.0 Web Application Directory Traversal Vulnerability...

9.8CVSS0.4AI score0.0215EPSS
Exploits6
packetstorm
packetstorm
added 2021/05/27 12:0 a.m.226 views

CommScope Ruckus IoT Controller 1.7.1.0 Web Application Directory Traversal

KL-001-2021-005: CommScope Ruckus IoT Controller Web Application Directory Traversal Title: CommScope Ruckus IoT Controller Web Application Directory Traversal Advisory ID: KL-001-2021-005 Publication Date: 2021.05.26 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-005.txt...

0.0215EPSS
Exploits6
packetstorm
packetstorm
added 2021/05/27 12:0 a.m.269 views

CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded Web Application Administrator Password

KL-001-2021-004: CommScope Ruckus IoT Controller Hard-coded Web Application Administrator Password Title: CommScope Ruckus IoT Controller Hard-coded Web Application Administrator Password Advisory ID: KL-001-2021-004 Publication Date: 2021.05.26 Publication URL:...

0.1AI score0.0215EPSS
Exploits6
packetstorm
packetstorm
added 2021/05/27 12:0 a.m.213 views

CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded System Passwords

KL-001-2021-003: CommScope Ruckus IoT Controller Hard-coded System Passwords Title: CommScope Ruckus IoT Controller Hard-coded System Passwords Advisory ID: KL-001-2021-003 Publication Date: 2021.05.26 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-003.txt 1. Vulnerabilit...

0.5AI score0.02304EPSS
Exploits4
zdt
zdt
added 2021/05/27 12:0 a.m.58 views

CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded API Keys Exposed Vulnerability

CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded API Keys Exposed Vulnerability 1. Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-798: Use of Hard-coded Credentials CVE ID:...

7.8CVSS0.3AI score0.00254EPSS
Exploits2
zdt
zdt
added 2021/05/27 12:0 a.m.97 views

CommScope Ruckus IoT Controller 1.7.1.0 Undocumented Account Vulnerability

An upgrade account is included in the IoT Controller OVA that provides the vendor undocumented access via Secure Copy SCP. 1. Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-798:...

9.8CVSS0.5AI score0.13773EPSS
Exploits5
cnnvd
cnnvd
added 2021/05/27 12:0 a.m.6 views

CommScope Ruckus IoT Controller 信任管理问题漏洞

The Commscope CommScope Ruckus IoT Controller is an IoT controller from Commscope, Inc. A virtual controller that integrates with the SmartZone controller to perform connectivity, device and security management functions for non-Wi-Fi devices. A trust management issue vulnerability exists in...

9.8CVSS8.2AI score0.0215EPSS
Exploits6References5
cnnvd
cnnvd
added 2021/05/27 12:0 a.m.6 views

CommScope Ruckus IoT Controller 缓冲区错误漏洞

The Commscope CommScope Ruckus IoT Controller is an IoT controller from Commscope, Inc. A virtual controller that integrates with the SmartZone controller to perform connectivity, device and security management functions for non-Wi-Fi devices. A buffer error vulnerability exists in the node-red...

9CVSS8.2AI score0.01376EPSS
Exploits2References5
zdt
zdt
added 2021/05/27 12:0 a.m.125 views

CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded System Passwords Vulnerability

CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded System Passwords Vulnerability 1. Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-259: Use of Hard-coded Password CVE ID:...

10CVSS0.5AI score0.02304EPSS
Exploits4
Rows per page
Query Builder