Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
commscope ruckus iot controller vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2021-33215
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. The API allows Directory Traversal.
Commscope Ruckus Iot Controller
NA
CVE-2021-332162
An upgrade account is included in the IoT Controller OVA that provides the vendor undocumented access via Secure Copy (SCP).
NA
CVE-2021-332172
The IoT Controller web application includes a NodeJS module, node-red, which has the capability for users to read or write to local files on the IoT Controller. With the elevated privileges the web application runs as, this allowed for reading and writing to any file on the IoT C...
NA
CVE-2021-332182
Hard-coded, system-level credentials exist on the Ruckus IoT Controller OVA image, and are exposed to attackers who mount the filesystem.
NA
CVE-2021-332192
An undocumented, administrative-level, hard-coded web application account exists in the IoT Controller OVA which cannot be changed by the customer.
NA
CVE-2021-332202
API keys for CommScope Ruckus are included in the IoT Controller OVA image, and are exposed to attackers who mount the filesystem.
NA
CVE-2021-332212
Three API endpoints for the IoT Controller are accessible without authentication. Two of the endpoints result in information leakage and consumption of computing/storage resources. The third API endpoint that does not require authentication allows for a factory reset of the IoT C...
NA
CVE-2021-332152
A Python script (web.py) for a Dockerized webservice contains a directory traversal vulnerability, which can be leveraged by an authenticated attacker to view the contents of directories on the IoT Controller.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2