179 matches found
CommScope Ruckus IoT Controller 安全漏洞
The Commscope CommScope Ruckus IoT Controller is an IoT controller from Commscope, Inc. A virtual controller that integrates with the SmartZone controller to perform connectivity, device and security management functions for non-Wi-Fi devices. A security vulnerability exists in the IoT Controller...
CommScope Ruckus IoT Controller 1.7.1.0 Web Application Arbitrary Read/Write Vulnerability
The IoT Controller web application includes a NodeJS module, node-red, which has the capability for users to read or write to local files on the IoT Controller. With the elevated privileges the web application runs as, this allowed for reading and writing to any file on the IoT Controller...
CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded Web Application Administrator Password
KL-001-2021-004: CommScope Ruckus IoT Controller Hard-coded Web Application Administrator Password Title: CommScope Ruckus IoT Controller Hard-coded Web Application Administrator Password Advisory ID: KL-001-2021-004 Publication Date: 2021.05.26 Publication URL:...
CommScope Ruckus IoT Controller 1.7.1.0 Undocumented Account
KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account Title: CommScope Ruckus IoT Controller Undocumented Account Advisory ID: KL-001-2021-007 Publication Date: 2021.05.26 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-007.txt 1. Vulnerability Details...
CommScope Ruckus IoT Controller Hard-coded API Keys Exposed
Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-798: Use of Hard-coded Credentials CVE ID: CVE-2021-33220 2. Vulnerability Description API keys for CommScope Ruckus are included...
CommScope Ruckus IoT Controller Web Application Directory Traversal
Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', CWE-250: Execution with Unnecessary Privileges...
CommScope Ruckus IoT Controller Hard-coded System Passwords
Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-259: Use of Hard-coded Password CVE ID: CVE-2021-33218 2. Vulnerability Description Hard coded, system-level credentials exist on...
CommScope Ruckus IoT Controller Undocumented Account
Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-798: Use of Hard-coded Credentials, CWE-912: Hidden Functionality CVE ID: CVE-2021-33216 2. Vulnerability Description An upgrade...
CommScope Ruckus IoT Controller Hard-coded Web Application Administrator Password
Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-259: Use of Hard-coded Password CVE ID: CVE-2021-33219 2. Vulnerability Description An undocumented, administrative-level, hard...
CommScope Ruckus IoT Controller Unauthenticated API Endpoints
Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-306: Missing Authentication for Critical Function CVE ID: CVE-2021-33221 2. Vulnerability Description Three API endpoints for the...
CommScope Ruckus ZoneFlex R500 Cross-Site Scripting Vulnerability
CommScope Ruckus ZoneFlex R500 is a wireless access point product from CommScope, Inc. A cross-site scripting vulnerability exists in CommScope Ruckus ZoneFlex R500 version 3.4.2.0.384. No details of the vulnerability are provided at this time...
CVE-2019-15805
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this...
CVE-2019-15806
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/basicsett.html. Any user connected to the Wi-Fi can exploit this...
Authentication flaw
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/basicsett.html. Any user connected to the Wi-Fi can exploit this...
Authentication flaw
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this...
CVE-2019-15805
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this...
CVE-2019-15805
The CVE-2019-15805 entry concerns CommScope ARRIS TR4400 routers. Affected firmware versions up to A1.00.004-180301 expose the current password encoded in base64 on the login.html page (http://192.168.1.1/login.html), enabling an authentication bypass. Impact is described as high (CVSS3 base scor...
CVE-2019-15806
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/basicsett.html. Any user connected to the Wi-Fi can exploit this...
CVE-2019-15806
The CVE-2019-15806 entry affects CommScope ARRIS TR4400 devices with firmware A1.00.004-180301, which are vulnerable to an authentication bypass of the administrative interface. The issue arises because the firmware exposes the current base64-encoded password within http://192.168.1.1/basic_sett....