CVE-2021-33217

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root...

CVE-2021-33217

CVE-2021-33217 affects CommScope Ruckus IoT Controller (1.7.1.0 and earlier). The web application uses a node-red NodeJS module with root privileges, allowing authenticated users to read/write arbitrary files on the device filesystem via the web UI and API (e.g., POST to /node-red/flows to access...

CommScope Ruckus IoT Controller 1.7.1.0 Web Application Arbitrary Read/Write

KL-001-2021-006: CommScope Ruckus IoT Controller Web Application Arbitrary Read/Write Title: CommScope Ruckus IoT Controller Web Application Arbitrary Read/Write Advisory ID: KL-001-2021-006 Publication Date: 2021.05.26 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-006.t...

CommScope Ruckus IoT Controller 1.7.1.0 Web Application Arbitrary Read/Write Vulnerability

The IoT Controller web application includes a NodeJS module, node-red, which has the capability for users to read or write to local files on the IoT Controller. With the elevated privileges the web application runs as, this allowed for reading and writing to any file on the IoT Controller...

CommScope Ruckus IoT Controller Web Application Arbitrary Read/Write

Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-250: Execution with Unnecessary Privileges CVE ID: CVE-2021-33217 2. Vulnerability Description The IoT Controller web application...