Commscope: >> Ruckus Iot Controller Security Vulnerabilities
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root.
CVSS Score
8.8
EPSS Score
0.005
Published
2021-07-07
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access.
CVSS Score
9.8
EPSS Score
0.013
Published
2021-07-07
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts.
CVSS Score
9.8
EPSS Score
0.007
Published
2021-07-07
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist.
CVSS Score
7.8
EPSS Score
0.0
Published
2021-07-07
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Unauthenticated API Endpoints.
CVSS Score
9.8
EPSS Score
0.902
Published
2021-07-07
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The API allows Directory Traversal.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-07-07
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account.
CVSS Score
9.8
EPSS Score
0.23
Published
2021-07-07