178 matches found
CVE-2025-46116
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command !v54! via a management API call and then invoke it t...
CVE-2025-46119
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where an authenticated request to the management endpoint /admin/cmdstat.jsp discloses the administrator password in a trivially reversible obfuscat...
CVE-2025-46117
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where a hidden debug script .apdebug.sh invoked from the restricted CLI does not properly sanitize its input, allowing an authenticated attacker to...
PT-2025-30281 · Commscope · Ruckus Unleashed
Name of the Vulnerable Software and Affected Versions: CommScope Ruckus Unleashed versions prior to 200.15.6.12.304 CommScope Ruckus Unleashed versions prior to 200.18.7.1.302 Description: An authenticated request to the management endpoint /admin/ cmdstat.jsp discloses the administrator password...
PT-2025-30280 · Commscope · Ruckus Zonedirector +1
Name of the Vulnerable Software and Affected Versions: CommScope Ruckus Unleashed versions prior to 200.15.6.212.14 and 200.17.7.0.139 CommScope Ruckus ZoneDirector versions prior to 10.5.1.0.279 Description: An issue was discovered where hard-coded credentials for the ftpuser account provide FTP...
CVE-2025-46118
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279, where hard-coded credentials for the ftpuser account provide FTP access to the controller, enabling a remote attacker to upload or retrieve arbitrary...
CVE-2025-46121
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the functions stamgrcfgadptaddStaFavourite and stamgrcfgadptaddStaIot pass a client hostname directly to snprintf as the format string. A remote attacker can exploit this flaw either by sendin...
CommScope Ruckus Unleashed 安全漏洞
The CommScope Ruckus Unleashed is a wireless router from CommScope USA. A security vulnerability exists in CommScope Ruckus Unleashed versions prior to 200.15.6.212.14, 200.17.7.0.139, and Ruckus ZoneDirector versions prior to 10.5.1.0.279, which stems from hard-coded credentials and could lead t...
CommScope多款产品 安全漏洞
CommScope Ruckus Unleashed and CommScope Ruckus ZoneDirector are both wireless routers from CommScope USA. A security vulnerability exists in CommScope Ruckus Unleashed versions prior to 200.15.6.212.14, 200.17.7.0.139, and Ruckus ZoneDirector versions prior to 10.5.1.0.279, which stems from...
CVE-2025-46122
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticated diagnostics API endpoint /admin/cmdstat.jsp passes attacker-controlled input to the shell without adequate validation, enabling a remote attacker to specify a target by MAC...
PT-2025-30283 · Commscope · Ruckus Unleashed
Name of the Vulnerable Software and Affected Versions: CommScope Ruckus Unleashed versions prior to 200.15.6.212.14 CommScope Ruckus Unleashed versions prior to 200.17.7.0.139 Description: An issue exists where the functions stamgr cfg adpt addStaFavourite and stamgr cfg adpt addStaIot improperly...
PT-2025-30278 · Commscope · Ruckus Zonedirector +1
Name of the Vulnerable Software and Affected Versions: CommScope Ruckus Unleashed versions prior to 200.15.6.212.14 and 200.17.7.0.139 CommScope Ruckus ZoneDirector versions prior to 10.5.1.0.279 Description: An authenticated attacker can disable the passphrase requirement for a hidden CLI comman...
CVE-2025-46117
CVE-2025-46117 affects CommScope Ruckus Unleashed (versions prior to 200.15.6.212.14 and 200.17.7.0.139) and Ruckus ZoneDirector (prior to 10.5.1.0.279). The root cause is improper sanitization of inputs to a hidden debug script (.ap_debug.sh) invoked from the restricted CLI, allowing an authenti...
CVE-2025-46121
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the functions stamgrcfgadptaddStaFavourite and stamgrcfgadptaddStaIot pass a client hostname directly to snprintf as the format string. A remote attacker can exploit this flaw either by sendin...
CVE-2025-46120
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a...
CVE-2025-46119
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where an authenticated request to the management endpoint /admin/cmdstat.jsp discloses the administrator password in a trivially reversible obfuscat...
CVE-2025-46116
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command !v54! via a management API call and then invoke it t...
CVE-2025-46118
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279, where hard-coded credentials for the ftpuser account provide FTP access to the controller, enabling a remote attacker to upload or retrieve arbitrary...
PT-2025-30285 · Commscope · Ruckus Unleashed +1
Name of the Vulnerable Software and Affected Versions: CommScope Ruckus Unleashed versions prior to 200.15.6.212.14 and 200.17.7.0.139 CommScope Ruckus ZoneDirector versions prior to 10.5.1.0.279 Description: An issue exists where the authenticated configuration endpoint /admin/ conf.jsp writes t...
CVE-2025-46120
The CVE-2025-46120 entry affects CommScope Ruckus Unleashed (before 200.15.6.212.27 and 200.18.7.1.323) and Ruckus ZoneDirector (before 10.5.1.0.282). A path-traversal flaw in the web interface allows an attacker who can upload a template (e.g., via FTP) to have the server execute attacker-suppli...