Commscope: >> Ruckus Iot Module Security Vulnerabilities
Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as root user via web.py.
CVSS Score
8.8
EPSS Score
0.625
Published
2020-10-26
Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header.
CVSS Score
9.8
EPSS Score
0.403
Published
2020-10-26