RSS   Vulnerabilities for 'Ruckus iot controller'   RSS

2021-07-07
 
CVE-2021-33215

CWE-22
 

 
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The API allows Directory Traversal.

 
 
CVE-2021-33216

NVD-CWE-Other
 

 
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account.

 
 
CVE-2021-33217

CWE-787
 

 
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root.

 
 
CVE-2021-33218

CWE-798
 

 
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access.

 
 
CVE-2021-33219

CWE-798
 

 
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts.

 
 
CVE-2021-33220

CWE-798
 

 
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist.

 
 
CVE-2021-33221

CWE-306
 

 
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Unauthenticated API Endpoints.

 

 >>> Vendor: Commscope 2 Products
Tr4400 firmware
Ruckus iot controller


Copyright 2024, cxsecurity.com

 

Back to Top