62 matches found
Design/Logic Flaw
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account...
Design/Logic Flaw
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root...
Hardcoded credentials
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts...
Hardcoded credentials
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access...
Directory traversal
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The API allows Directory Traversal...
CVE-2021-33221
CommScope Ruckus IoT Controller (1.7.1.0 and earlier) exposes unauthenticated API endpoints. The Nuclei template details a service-details endpoint that leaks system/config data (DNS/NTP, hostname, version, etc.), a diagnostic endpoint that can generate CPU/disk-heavy files, and a reset endpoint ...
CVE-2021-33221
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Unauthenticated API Endpoints...
CVE-2021-33220
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist...
CVE-2021-33220
CVE-2021-33220 affects CommScope Ruckus IoT Controller, version 1.7.1.0 and earlier. The vulnerability stems from hard-coded API keys embedded in the OVA image and web application code, which can be exposed when the filesystem is mounted. Reported impact includes exposure of API keys that can be ...
CVE-2021-33219
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts...
CVE-2021-33219
CVE-2021-33219 affects CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The vulnerability is caused by a hard-coded web application administrator password for the accounts named admin and nplus1user , described as an undocumented administrative-level credential that cannot be changed by the c...
CVE-2021-33218
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access...
CVE-2021-33218
CVE-2021-33218 affects CommScope Ruckus IoT Controller
CVE-2021-33217
CVE-2021-33217 affects CommScope Ruckus IoT Controller (1.7.1.0 and earlier). The web application uses a node-red NodeJS module with root privileges, allowing authenticated users to read/write arbitrary files on the device filesystem via the web UI and API (e.g., POST to /node-red/flows to access...
CVE-2021-33215
CVE-2021-33215 affects CommScope Ruckus IoT Controller (versions 1.7.1.0 and earlier). The vulnerability is a directory traversal in the web interface (via the Python web.py in the Dockerized webservice), allowing an authenticated attacker to view files outside the restricted directory. The vulne...
CVE-2021-33215
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The API allows Directory Traversal...
CommScope Ruckus IoT Controller 信任管理问题漏洞
The Commscope CommScope Ruckus IoT Controller is an IoT controller from Commscope, Inc. A virtual controller that integrates with the SmartZone controller to perform connectivity, device and security management functions for non-Wi-Fi devices. A trust management issue vulnerability exists in...
CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded API Keys Exposed
KL-001-2021-002: CommScope Ruckus IoT Controller Hard-coded API Keys Exposed Title: CommScope Ruckus IoT Controller Hard-coded API Keys Exposed Advisory ID: KL-001-2021-002 Publication Date: 2021.05.26 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-002.txt 1. Vulnerabilit...
CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded Web Application Administrator Password
An undocumented, administrative-level, hard-coded web application account exists in the IoT Controller OVA which cannot be changed by the customer. CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded Web Application Administrator Password Vulnerability 1. Vulnerability Details Affected Vendor:...
CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded System Passwords
KL-001-2021-003: CommScope Ruckus IoT Controller Hard-coded System Passwords Title: CommScope Ruckus IoT Controller Hard-coded System Passwords Advisory ID: KL-001-2021-003 Publication Date: 2021.05.26 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-003.txt 1. Vulnerabilit...