CVE-2021-33218

The IoT Controller web application includes a NodeJS module, node-red, which has the capability for users to read or write to local files on the IoT Controller With the elevated privileges the web application runs as, this allowed for reading and writing to any file on the IoT Controller filesystem ...

Hard-coded, system-level credentials exist on the Ruckus IoT Controller OVA image, and are exposed to attackers who mount the filesystem ...

<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> KL-001-2021-003: CommScope Ruckus IoT Controller Hard-coded System Passwords <!--X-Subject-Header-End--> <!--X-Head-of ...