Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
commscope ruckus iot controller vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2021-33215
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. The API allows Directory Traversal.
Commscope Ruckus Iot Controller
7.5
CVSSv2
CVE-2021-33216
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. An Undocumented Backdoor exists, allowing shell access via a developer account.
Commscope Ruckus Iot Controller
9
CVSSv2
CVE-2021-33217
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root.
Commscope Ruckus Iot Controller
10
CVSSv2
CVE-2021-33218
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. There are Hard-coded System Passwords that provide shell access.
Commscope Ruckus Iot Controller
4.6
CVSSv2
CVE-2021-33220
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. Hard-coded API Keys exist.
Commscope Ruckus Iot Controller
7.5
CVSSv2
CVE-2021-33221
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. There are Unauthenticated API Endpoints.
Commscope Ruckus Iot Controller
7.5
CVSSv2
CVE-2021-33219
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts.
Commscope Ruckus Iot Controller
9
CVSSv2
CVE-2020-26878
Ruckus up to and including 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as root user via web.py.
Commscope Ruckus Vriot
1 Github repository
NA
CVE-2021-332162
An upgrade account is included in the IoT Controller OVA that provides the vendor undocumented access via Secure Copy (SCP).
NA
CVE-2021-332212
Three API endpoints for the IoT Controller are accessible without authentication. Two of the endpoints result in information leakage and consumption of computing/storage resources. The third API endpoint that does not require authentication allows for a factory reset of the IoT C...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »