Lucene search
K

62 matches found

0day.today
0day.today
added 2021/05/27 12:0 a.m.77 views

CommScope Ruckus IoT Controller 1.7.1.0 Web Application Directory Traversal Vulnerability

A Python script web.py for a Dockerized webservice contains a directory traversal vulnerability, which can be leveraged by an authenticated attacker to view the contents of directories on the IoT Controller. CommScope Ruckus IoT Controller 1.7.1.0 Web Application Directory Traversal Vulnerability...

9.8CVSS0.4AI score0.0215EPSS
Exploits6
Packet Storm
Packet Storm
added 2021/05/27 12:0 a.m.269 views

CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded Web Application Administrator Password

KL-001-2021-004: CommScope Ruckus IoT Controller Hard-coded Web Application Administrator Password Title: CommScope Ruckus IoT Controller Hard-coded Web Application Administrator Password Advisory ID: KL-001-2021-004 Publication Date: 2021.05.26 Publication URL:...

0.1AI score0.0215EPSS
Exploits6
Packet Storm
Packet Storm
added 2021/05/27 12:0 a.m.185 views

CommScope Ruckus IoT Controller 1.7.1.0 Unauthenticated API Endpoints

KL-001-2021-001: CommScope Ruckus IoT Controller Unauthenticated API Endpoints Title: CommScope Ruckus IoT Controller Unauthenticated API Endpoints Advisory ID: KL-001-2021-001 Publication Date: 2021.05.26 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-001.txt 1...

0.5AI score0.5699EPSS
Exploits3
CNNVD
CNNVD
added 2021/05/27 12:0 a.m.8 views

CommScope Ruckus IoT Controller 信任管理问题漏洞

The Commscope CommScope Ruckus IoT Controller is an IoT controller from Commscope, Inc. A virtual controller that integrates with the SmartZone controller to perform connectivity, device and security management functions for non-Wi-Fi devices. A trust management issue vulnerability exists in the...

10CVSS8.3AI score0.02304EPSS
Exploits4References5
Packet Storm
Packet Storm
added 2021/05/27 12:0 a.m.501 views

CommScope Ruckus IoT Controller 1.7.1.0 Web Application Arbitrary Read/Write

KL-001-2021-006: CommScope Ruckus IoT Controller Web Application Arbitrary Read/Write Title: CommScope Ruckus IoT Controller Web Application Arbitrary Read/Write Advisory ID: KL-001-2021-006 Publication Date: 2021.05.26 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-006.t...

0.7AI score0.02304EPSS
Exploits8
0day.today
0day.today
added 2021/05/27 12:0 a.m.93 views

CommScope Ruckus IoT Controller 1.7.1.0 Web Application Arbitrary Read/Write Vulnerability

The IoT Controller web application includes a NodeJS module, node-red, which has the capability for users to read or write to local files on the IoT Controller. With the elevated privileges the web application runs as, this allowed for reading and writing to any file on the IoT Controller...

10CVSS1AI score0.02304EPSS
Exploits8
0day.today
0day.today
added 2021/05/27 12:0 a.m.59 views

CommScope Ruckus IoT Controller 1.7.1.0 Unauthenticated API Endpoints Vulnerability

Three API endpoints for the IoT Controller are accessible without authentication. Two of the endpoints result in information leakage and consumption of computing/storage resources. The third API endpoint that does not require authentication allows for a factory reset of the IoT Controller...

9.8CVSS0.2AI score0.5699EPSS
Exploits3
0day.today
0day.today
added 2021/05/27 12:0 a.m.58 views

CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded API Keys Exposed Vulnerability

CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded API Keys Exposed Vulnerability 1. Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-798: Use of Hard-coded Credentials CVE ID:...

7.8CVSS0.3AI score0.00254EPSS
Exploits2
0day.today
0day.today
added 2021/05/27 12:0 a.m.57 views

CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded Web Application Administrator Password

An undocumented, administrative-level, hard-coded web application account exists in the IoT Controller OVA which cannot be changed by the customer. CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded Web Application Administrator Password Vulnerability 1. Vulnerability Details Affected Vendor:...

9.8CVSS0.4AI score0.0215EPSS
Exploits6
Packet Storm
Packet Storm
added 2021/05/27 12:0 a.m.213 views

CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded System Passwords

KL-001-2021-003: CommScope Ruckus IoT Controller Hard-coded System Passwords Title: CommScope Ruckus IoT Controller Hard-coded System Passwords Advisory ID: KL-001-2021-003 Publication Date: 2021.05.26 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-003.txt 1. Vulnerabilit...

0.5AI score0.02304EPSS
Exploits4
0day.today
0day.today
added 2021/05/27 12:0 a.m.97 views

CommScope Ruckus IoT Controller 1.7.1.0 Undocumented Account Vulnerability

An upgrade account is included in the IoT Controller OVA that provides the vendor undocumented access via Secure Copy SCP. 1. Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-798:...

9.8CVSS0.5AI score0.13773EPSS
Exploits5
Packet Storm
Packet Storm
added 2021/05/27 12:0 a.m.226 views

CommScope Ruckus IoT Controller 1.7.1.0 Web Application Directory Traversal

KL-001-2021-005: CommScope Ruckus IoT Controller Web Application Directory Traversal Title: CommScope Ruckus IoT Controller Web Application Directory Traversal Advisory ID: KL-001-2021-005 Publication Date: 2021.05.26 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-005.txt...

0.0215EPSS
Exploits6
CNNVD
CNNVD
added 2021/05/27 12:0 a.m.7 views

CommScope Ruckus IoT Controller 路径遍历漏洞

The Commscope CommScope Ruckus IoT Controller is an IoT controller from Commscope, Inc. A virtual controller that integrates with the SmartZone controller to perform connectivity, device and security management functions for non-Wi-Fi devices. A path traversal vulnerability exists in the CommScop...

4.3CVSS5.4AI score0.01193EPSS
Exploits2References5
Packet Storm
Packet Storm
added 2021/05/27 12:0 a.m.259 views

CommScope Ruckus IoT Controller 1.7.1.0 Undocumented Account

KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account Title: CommScope Ruckus IoT Controller Undocumented Account Advisory ID: KL-001-2021-007 Publication Date: 2021.05.26 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-007.txt 1. Vulnerability Details...

7.5CVSS0.4AI score0.13773EPSS
Exploits5
KoreLogic Security
KoreLogic Security
added 2021/05/26 12:0 a.m.33 views

CommScope Ruckus IoT Controller Unauthenticated API Endpoints

Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-306: Missing Authentication for Critical Function CVE ID: CVE-2021-33221 2. Vulnerability Description Three API endpoints for the...

9.8CVSS0.3AI score0.5699EPSS
Exploits3Affected Software1
KoreLogic Security
KoreLogic Security
added 2021/05/26 12:0 a.m.35 views

CommScope Ruckus IoT Controller Undocumented Account

Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-798: Use of Hard-coded Credentials, CWE-912: Hidden Functionality CVE ID: CVE-2021-33216 2. Vulnerability Description An upgrade...

9.8CVSS0.7AI score0.13773EPSS
Exploits4Affected Software1
KoreLogic Security
KoreLogic Security
added 2021/05/26 12:0 a.m.34 views

CommScope Ruckus IoT Controller Hard-coded Web Application Administrator Password

Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-259: Use of Hard-coded Password CVE ID: CVE-2021-33219 2. Vulnerability Description An undocumented, administrative-level, hard...

9.8CVSS0.3AI score0.0215EPSS
Exploits6Affected Software1
KoreLogic Security
KoreLogic Security
added 2021/05/26 12:0 a.m.28 views

CommScope Ruckus IoT Controller Web Application Directory Traversal

Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', CWE-250: Execution with Unnecessary Privileges...

9.8CVSS1.5AI score0.0215EPSS
Exploits6Affected Software1
KoreLogic Security
KoreLogic Security
added 2021/05/26 12:0 a.m.34 views

CommScope Ruckus IoT Controller Hard-coded System Passwords

Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-259: Use of Hard-coded Password CVE ID: CVE-2021-33218 2. Vulnerability Description Hard coded, system-level credentials exist on...

10CVSS0.2AI score0.02304EPSS
Exploits4Affected Software1
KoreLogic Security
KoreLogic Security
added 2021/05/26 12:0 a.m.201 views

CommScope Ruckus IoT Controller Web Application Arbitrary Read/Write

Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-250: Execution with Unnecessary Privileges CVE ID: CVE-2021-33217 2. Vulnerability Description The IoT Controller web application...

10CVSS9.2AI score0.02304EPSS
Exploits8Affected Software1
Rows per page
Query Builder