Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2021-33217

Published: 07/07/2021 Updated: 09/07/2021
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 801
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Subscribe to Ruckus Iot Controller

Vulnerability Summary

An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

commscope ruckus iot controller

Exploits

Exploit DB: CommScope Ruckus IoT Controller 1.7.1.0 Web Application Arbitrary Read/Write
The IoT Controller web application includes a NodeJS module, node-red, which has the capability for users to read or write to local files on the IoT Controller With the elevated privileges the web application runs as, this allowed for reading and writing to any file on the IoT Controller filesystem ...

References

CWE-787http://seclists.org/fulldisclosure/2021/May/77https://korelogic.com/advisories.htmlhttps://nvd.nist.govhttps://packetstormsecurity.com/files/162847/CommScope-Ruckus-IoT-Controller-1.7.1.0-Web-Application-Arbitrary-Read-Write.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991CVE-2024-32674path traversalCVE-2023-21987denial of servicedosCVE-2024-4647CVE-2024-25519CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook