Lucene search
+L

179 matches found

CNNVD
CNNVD
added 2021/05/27 12:0 a.m.5 views

CommScope Ruckus IoT Controller 安全漏洞

The Commscope CommScope Ruckus IoT Controller is an IoT controller from Commscope, Inc. A virtual controller that integrates with the SmartZone controller to perform connectivity, device and security management functions for non-Wi-Fi devices. A security vulnerability exists in the IoT Controller...

9.8CVSS7.8AI score0.13773EPSS
Exploits4References7
0day.today
0day.today
added 2021/05/27 12:0 a.m.97 views

CommScope Ruckus IoT Controller 1.7.1.0 Web Application Arbitrary Read/Write Vulnerability

The IoT Controller web application includes a NodeJS module, node-red, which has the capability for users to read or write to local files on the IoT Controller. With the elevated privileges the web application runs as, this allowed for reading and writing to any file on the IoT Controller...

10CVSS1AI score0.02304EPSS
Exploits8
Packet Storm
Packet Storm
added 2021/05/27 12:0 a.m.271 views

CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded Web Application Administrator Password

KL-001-2021-004: CommScope Ruckus IoT Controller Hard-coded Web Application Administrator Password Title: CommScope Ruckus IoT Controller Hard-coded Web Application Administrator Password Advisory ID: KL-001-2021-004 Publication Date: 2021.05.26 Publication URL:...

0.1AI score0.0215EPSS
Exploits6
Packet Storm
Packet Storm
added 2021/05/27 12:0 a.m.263 views

CommScope Ruckus IoT Controller 1.7.1.0 Undocumented Account

KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account Title: CommScope Ruckus IoT Controller Undocumented Account Advisory ID: KL-001-2021-007 Publication Date: 2021.05.26 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-007.txt 1. Vulnerability Details...

7.5CVSS0.4AI score0.13773EPSS
Exploits5
KoreLogic Security
KoreLogic Security
added 2021/05/26 12:0 a.m.78 views

CommScope Ruckus IoT Controller Hard-coded API Keys Exposed

Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-798: Use of Hard-coded Credentials CVE ID: CVE-2021-33220 2. Vulnerability Description API keys for CommScope Ruckus are included...

7.8CVSS0.4AI score0.00254EPSS
Exploits2Affected Software1
KoreLogic Security
KoreLogic Security
added 2021/05/26 12:0 a.m.93 views

CommScope Ruckus IoT Controller Web Application Directory Traversal

Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', CWE-250: Execution with Unnecessary Privileges...

9.8CVSS1.5AI score0.0215EPSS
Exploits6Affected Software1
KoreLogic Security
KoreLogic Security
added 2021/05/26 12:0 a.m.87 views

CommScope Ruckus IoT Controller Hard-coded System Passwords

Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-259: Use of Hard-coded Password CVE ID: CVE-2021-33218 2. Vulnerability Description Hard coded, system-level credentials exist on...

10CVSS0.2AI score0.02304EPSS
Exploits4Affected Software1
KoreLogic Security
KoreLogic Security
added 2021/05/26 12:0 a.m.91 views

CommScope Ruckus IoT Controller Undocumented Account

Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-798: Use of Hard-coded Credentials, CWE-912: Hidden Functionality CVE ID: CVE-2021-33216 2. Vulnerability Description An upgrade...

9.8CVSS0.7AI score0.13773EPSS
Exploits4Affected Software1
KoreLogic Security
KoreLogic Security
added 2021/05/26 12:0 a.m.64 views

CommScope Ruckus IoT Controller Hard-coded Web Application Administrator Password

Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-259: Use of Hard-coded Password CVE ID: CVE-2021-33219 2. Vulnerability Description An undocumented, administrative-level, hard...

9.8CVSS0.3AI score0.0215EPSS
Exploits6Affected Software1
KoreLogic Security
KoreLogic Security
added 2021/05/26 12:0 a.m.51 views

CommScope Ruckus IoT Controller Unauthenticated API Endpoints

Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-306: Missing Authentication for Critical Function CVE ID: CVE-2021-33221 2. Vulnerability Description Three API endpoints for the...

9.8CVSS0.3AI score0.5699EPSS
Exploits3Affected Software1
CNVD
CNVD
added 2020/05/06 12:0 a.m.2 views

CommScope Ruckus ZoneFlex R500 Cross-Site Scripting Vulnerability

CommScope Ruckus ZoneFlex R500 is a wireless access point product from CommScope, Inc. A cross-site scripting vulnerability exists in CommScope Ruckus ZoneFlex R500 version 3.4.2.0.384. No details of the vulnerability are provided at this time...

6.1CVSS6.2AI score0.007EPSS
Exploits1References1
NVD
NVD
added 2019/08/29 6:15 p.m.14 views

CVE-2019-15805

CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this...

9.8CVSS9.8AI score0.01194EPSS
Exploits0References1
NVD
NVD
added 2019/08/29 6:15 p.m.14 views

CVE-2019-15806

CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/basicsett.html. Any user connected to the Wi-Fi can exploit this...

9.8CVSS9.8AI score0.01194EPSS
Exploits0References1
Prion
Prion
added 2019/08/29 6:15 p.m.20 views

Authentication flaw

CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/basicsett.html. Any user connected to the Wi-Fi can exploit this...

7.5CVSS9.7AI score0.01194EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2019/08/29 6:15 p.m.20 views

Authentication flaw

CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this...

7.5CVSS9.7AI score0.01194EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/08/29 5:21 p.m.18 views

CVE-2019-15805

CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this...

9.8AI score0.01194EPSS
Exploits0References1
CVE
CVE
added 2019/08/29 5:21 p.m.42 views

CVE-2019-15805

The CVE-2019-15805 entry concerns CommScope ARRIS TR4400 routers. Affected firmware versions up to A1.00.004-180301 expose the current password encoded in base64 on the login.html page (http://192.168.1.1/login.html), enabling an authentication bypass. Impact is described as high (CVSS3 base scor...

9.8CVSS9.7AI score0.01194EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/08/29 5:21 p.m.20 views

CVE-2019-15806

CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/basicsett.html. Any user connected to the Wi-Fi can exploit this...

9.8AI score0.01194EPSS
Exploits0References1
CVE
CVE
added 2019/08/29 5:21 p.m.42 views

CVE-2019-15806

The CVE-2019-15806 entry affects CommScope ARRIS TR4400 devices with firmware A1.00.004-180301, which are vulnerable to an authentication bypass of the administrative interface. The issue arises because the firmware exposes the current base64-encoded password within http://192.168.1.1/basic_sett....

9.8CVSS9.7AI score0.01194EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder