Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
commscope ruckus iot controller vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-33219
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts.
Commscope Ruckus Iot Controller
9.8
CVSSv3
CVE-2021-33218
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. There are Hard-coded System Passwords that provide shell access.
Commscope Ruckus Iot Controller
9.8
CVSSv3
CVE-2021-33221
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. There are Unauthenticated API Endpoints.
Commscope Ruckus Iot Controller
9.8
CVSSv3
CVE-2021-33216
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. An Undocumented Backdoor exists, allowing shell access via a developer account.
Commscope Ruckus Iot Controller
9.8
CVSSv3
CVE-2019-3464
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
Pizzashack Rssh 2.3.4
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
9.8
CVSSv3
CVE-2019-3463
Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
Pizzashack Rssh 2.3.4
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
8.8
CVSSv3
CVE-2021-33217
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root.
Commscope Ruckus Iot Controller
8.8
CVSSv3
CVE-2020-26878
Ruckus up to and including 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as root user via web.py.
Commscope Ruckus Vriot
1 Github repository
7.8
CVSSv3
CVE-2021-33220
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. Hard-coded API Keys exist.
Commscope Ruckus Iot Controller
7.8
CVSSv3
CVE-2019-1000018
rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user wit...
Pizzashack Rssh 2.3.4
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »