CommScope: Security Vulnerabilities
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An undocumented backdoor exists, allowing shell access via a developer account.
CVSS Score: 9.8 | EPSS Score: 0.176 | Published: 2021-07-07
Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as the root user via web.py.
CVSS Score: 8.8 | EPSS Score: 0.415 | Published: 2020-10-26
Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header.
CVSS Score: 9.8 | EPSS Score: 0.895 | Published: 2020-10-26
A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices allows remote attackers to access the panel or conduct SSRF attacks.
CVSS Score: 8.1 | EPSS Score: 0.001 | Published: 2020-05-05
Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Name field.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2020-05-05
CSRF in login.asp on Ruckus devices allows an attacker to access the panel, and use SSRF to perform scraping or other analysis via the SUBCA-1 field on the Wireless Admin screen.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2020-05-05
ARRIS TG1692A devices allow remote attackers to discover the administrator login name and password by reading the /login page and performing base64 decoding.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2020-03-04
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2019-08-29
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/basic_sett.html. Any user connected to the Wi-Fi can exploit this.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2019-08-29
ARRIS DG950A 7.10.145 and DG950S 7.10.145.EURO devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVSS Score: 9.8 | EPSS Score: 0.008 | Published: 2018-12-23

