Commscope: Security Vulnerabilities
RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route.
CVSS Score: 8.5 | EPSS Score: 0.001 | Published: 2025-08-04
In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user.
CVSS Score: 9.9 | EPSS Score: 0.002 | Published: 2025-08-04
RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files.
CVSS Score: 5.0 | EPSS Score: 0.0 | Published: 2025-08-04
RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key.
CVSS Score: 9.0 | EPSS Score: 0.001 | Published: 2025-08-04
RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account.
CVSS Score: 9.0 | EPSS Score: 0.001 | Published: 2025-08-04
Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers.
CVSS Score: 8.5 | EPSS Score: 0.001 | Published: 2025-08-04
RUCKUS Network Director (RND) before 4.5 stores passwords in a recoverable format.
CVSS Score: 5.3 | EPSS Score: 0.0 | Published: 2025-08-04
RUCKUS Network Director (RND) before 4.5 allows jailed users to obtain root access via a weak, hardcoded password.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2025-08-04
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where an authenticated request to the management endpoint `/admin/_cmdstat.jsp` discloses the administrator password in a trivially reversible obfuscated form. The same obfuscation method persists in configuration prior to 200.18.7.1.302, allowing anyone who obtains the system configuration to recover the plaintext credentials.
CVSS Score: 6.3 | EPSS Score: 0.001 | Published: 2025-07-21
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a remote unauthenticated attacker who can upload a template (e.g., via FTP) to escalate privileges and run arbitrary template code on the controller.
CVSS Score: 9.8 | EPSS Score: 0.017 | Published: 2025-07-21