Lucene search
K

62 matches found

Prion
Prion
added 2021/07/07 3:15 p.m.18 views

Design/Logic Flaw

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account...

7.5CVSS9.3AI score0.13773EPSS
Exploits4References2Affected Software1
Prion
Prion
added 2021/07/07 3:15 p.m.11 views

Design/Logic Flaw

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root...

9CVSS8.9AI score0.01376EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2021/07/07 3:15 p.m.12 views

Hardcoded credentials

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts...

7.5CVSS9.4AI score0.0215EPSS
Exploits6References2Affected Software1
Prion
Prion
added 2021/07/07 3:15 p.m.12 views

Hardcoded credentials

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access...

10CVSS9.4AI score0.02304EPSS
Exploits4References2Affected Software1
Prion
Prion
added 2021/07/07 3:15 p.m.16 views

Directory traversal

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The API allows Directory Traversal...

4CVSS5.6AI score0.01193EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2021/07/07 2:24 p.m.128 views

CVE-2021-33221

CommScope Ruckus IoT Controller (1.7.1.0 and earlier) exposes unauthenticated API endpoints. The Nuclei template details a service-details endpoint that leaks system/config data (DNS/NTP, hostname, version, etc.), a diagnostic endpoint that can generate CPU/disk-heavy files, and a reset endpoint ...

9.8CVSS9.4AI score0.5699EPSS
Exploits3References2Affected Software1
Cvelist
Cvelist
added 2021/07/07 2:24 p.m.34 views

CVE-2021-33221

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Unauthenticated API Endpoints...

9.7AI score0.5699EPSS
Exploits3References2
Cvelist
Cvelist
added 2021/07/07 2:24 p.m.37 views

CVE-2021-33220

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist...

7.8AI score0.00254EPSS
Exploits2References2
CVE
CVE
added 2021/07/07 2:24 p.m.88 views

CVE-2021-33220

CVE-2021-33220 affects CommScope Ruckus IoT Controller, version 1.7.1.0 and earlier. The vulnerability stems from hard-coded API keys embedded in the OVA image and web application code, which can be exposed when the filesystem is mounted. Reported impact includes exposure of API keys that can be ...

7.8CVSS7.5AI score0.00254EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2021/07/07 2:23 p.m.49 views

CVE-2021-33219

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts...

9.7AI score0.0215EPSS
Exploits6References2
CVE
CVE
added 2021/07/07 2:23 p.m.98 views

CVE-2021-33219

CVE-2021-33219 affects CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The vulnerability is caused by a hard-coded web application administrator password for the accounts named admin and nplus1user , described as an undocumented administrative-level credential that cannot be changed by the c...

9.8CVSS9.3AI score0.0215EPSS
Exploits6References2Affected Software1
Cvelist
Cvelist
added 2021/07/07 2:11 p.m.43 views

CVE-2021-33218

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access...

9.7AI score0.02304EPSS
Exploits4References2
CVE
CVE
added 2021/07/07 2:11 p.m.88 views

CVE-2021-33218

CVE-2021-33218 affects CommScope Ruckus IoT Controller

10CVSS9.3AI score0.02304EPSS
Exploits4References2Affected Software1
CVE
CVE
added 2021/07/07 2:7 p.m.86 views

CVE-2021-33217

CVE-2021-33217 affects CommScope Ruckus IoT Controller (1.7.1.0 and earlier). The web application uses a node-red NodeJS module with root privileges, allowing authenticated users to read/write arbitrary files on the device filesystem via the web UI and API (e.g., POST to /node-red/flows to access...

9CVSS9.1AI score0.01376EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2021/07/07 2:4 p.m.88 views

CVE-2021-33215

CVE-2021-33215 affects CommScope Ruckus IoT Controller (versions 1.7.1.0 and earlier). The vulnerability is a directory traversal in the web interface (via the Python web.py in the Dockerized webservice), allowing an authenticated attacker to view files outside the restricted directory. The vulne...

4.3CVSS6.6AI score0.01193EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2021/07/07 2:4 p.m.42 views

CVE-2021-33215

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The API allows Directory Traversal...

5.9AI score0.01193EPSS
Exploits2References2
CNNVD
CNNVD
added 2021/05/27 12:0 a.m.5 views

CommScope Ruckus IoT Controller 信任管理问题漏洞

The Commscope CommScope Ruckus IoT Controller is an IoT controller from Commscope, Inc. A virtual controller that integrates with the SmartZone controller to perform connectivity, device and security management functions for non-Wi-Fi devices. A trust management issue vulnerability exists in...

7.8CVSS7.4AI score0.00254EPSS
Exploits2References4
Packet Storm
Packet Storm
added 2021/05/27 12:0 a.m.243 views

CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded API Keys Exposed

KL-001-2021-002: CommScope Ruckus IoT Controller Hard-coded API Keys Exposed Title: CommScope Ruckus IoT Controller Hard-coded API Keys Exposed Advisory ID: KL-001-2021-002 Publication Date: 2021.05.26 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-002.txt 1. Vulnerabilit...

7.7AI score0.00254EPSS
Exploits2
0day.today
0day.today
added 2021/05/27 12:0 a.m.57 views

CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded Web Application Administrator Password

An undocumented, administrative-level, hard-coded web application account exists in the IoT Controller OVA which cannot be changed by the customer. CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded Web Application Administrator Password Vulnerability 1. Vulnerability Details Affected Vendor:...

9.8CVSS0.4AI score0.0215EPSS
Exploits6
Packet Storm
Packet Storm
added 2021/05/27 12:0 a.m.213 views

CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded System Passwords

KL-001-2021-003: CommScope Ruckus IoT Controller Hard-coded System Passwords Title: CommScope Ruckus IoT Controller Hard-coded System Passwords Advisory ID: KL-001-2021-003 Publication Date: 2021.05.26 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-003.txt 1. Vulnerabilit...

0.5AI score0.02304EPSS
Exploits4
Rows per page
Query Builder