CVE-2020-26878

Published: 26/10/2020 Updated: 21/07/2021
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 801
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

Ruckus up to and including 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as root user via web.py.

Vulnerable Product

commscope ruckus_vriot

Exploits

Ruckus IoT Controller (Ruckus vRIoT) versions 1.5.1.0.21 and below suffer from a remote code execution vulnerability ...

Github Repositories

CVE-2020-26878: This is a modified version of the Ruckus exploit found at www.exploit-db.com/exploits/49110. Since the original exploit was written for Python 2, I tweaked it a little to make it work with Python 3. Note: I am not responsible for any illegal use of this exploit. This is only for educational and testing purposes, with the goal of securing systems.