Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
commscope ruckus iot controller vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-33218
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. There are Hard-coded System Passwords that provide shell access.
Commscope Ruckus Iot Controller
9.8
CVSSv3
CVE-2021-33221
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. There are Unauthenticated API Endpoints.
Commscope Ruckus Iot Controller
7.8
CVSSv3
CVE-2021-33220
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. Hard-coded API Keys exist.
Commscope Ruckus Iot Controller
4.3
CVSSv3
CVE-2021-33215
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. The API allows Directory Traversal.
Commscope Ruckus Iot Controller
9.8
CVSSv3
CVE-2021-33216
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. An Undocumented Backdoor exists, allowing shell access via a developer account.
Commscope Ruckus Iot Controller
8.8
CVSSv3
CVE-2021-33217
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root.
Commscope Ruckus Iot Controller
9.8
CVSSv3
CVE-2021-33219
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts.
Commscope Ruckus Iot Controller
8.8
CVSSv3
CVE-2020-26878
Ruckus up to and including 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as root user via web.py.
Commscope Ruckus Vriot
1 Github repository
NA
CVE-2021-332162
An upgrade account is included in the IoT Controller OVA that provides the vendor undocumented access via Secure Copy (SCP).
NA
CVE-2021-332212
Three API endpoints for the IoT Controller are accessible without authentication. Two of the endpoints result in information leakage and consumption of computing/storage resources. The third API endpoint that does not require authentication allows for a factory reset of the IoT C...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-26978
CVE-2024-26982
wireless
CVE-2023-6949
CVE-2024-26980
CVE-2024-32766
CVE-2024-26939
cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »