Filtered by vendor Commscope
Subscribe
Total
61 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-44957 | 1 Commscope | 31 Ruckus C110, Ruckus E510, Ruckus H320 and 28 more | 2025-08-07 | N/A | 8.8 HIGH |
| Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers. | |||||
| CVE-2025-44961 | 1 Commscope | 31 Ruckus C110, Ruckus E510, Ruckus H320 and 28 more | 2025-08-07 | N/A | 8.8 HIGH |
| In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user. | |||||
| CVE-2025-44962 | 1 Commscope | 31 Ruckus C110, Ruckus E510, Ruckus H320 and 28 more | 2025-08-07 | N/A | 4.3 MEDIUM |
| RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files. | |||||
| CVE-2025-44960 | 1 Commscope | 31 Ruckus C110, Ruckus E510, Ruckus H320 and 28 more | 2025-08-07 | N/A | 8.8 HIGH |
| RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route. | |||||
| CVE-2025-44954 | 1 Commscope | 30 Ruckus C110, Ruckus E510, Ruckus H320 and 27 more | 2025-08-07 | N/A | 9.8 CRITICAL |
| RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account. | |||||
| CVE-2025-46122 | 2 Commscope, Ruckuswireless | 42 Ruckus C110, Ruckus E510, Ruckus H320 and 39 more | 2025-08-05 | N/A | N/A |
| An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticated diagnostics API endpoint `/admin/_cmdstat.jsp` passes attacker-controlled input to the shell without adequate validation, enabling a remote attacker to specify a target by MAC address and execute arbitrary commands as root. | |||||
| CVE-2025-46121 | 2 Commscope, Ruckuswireless | 42 Ruckus C110, Ruckus E510, Ruckus H320 and 39 more | 2025-08-05 | N/A | N/A |
| An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the functions `stamgr_cfg_adpt_addStaFavourite` and `stamgr_cfg_adpt_addStaIot` pass a client hostname directly to snprintf as the format string. A remote attacker can exploit this flaw either by sending a crafted request to the authenticated endpoint `/admin/_conf.jsp`, or without authentication and without direct network access to the controller by spoofing the MAC address of a favourite station and embedding malicious format specifiers in the DHCP hostname field, resulting in unauthenticated format-string processing and arbitrary code execution on the controller. | |||||
| CVE-2025-46119 | 2 Commscope, Ruckuswireless | 42 Ruckus C110, Ruckus E510, Ruckus H320 and 39 more | 2025-08-05 | N/A | N/A |
| An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where an authenticated request to the management endpoint `/admin/_cmdstat.jsp` discloses the administrator password in a trivially reversible obfuscated form. The same obfuscation method persists in configuration prior to 200.18.7.1.302, allowing anyone who obtains the system configuration to recover the plaintext credentials. | |||||
| CVE-2025-46120 | 2 Commscope, Ruckuswireless | 42 Ruckus C110, Ruckus E510, Ruckus H320 and 39 more | 2025-08-05 | N/A | N/A |
| An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a remote unauthenticated attacker who can upload a template (e.g., via FTP) to escalate privileges and run arbitrary template code on the controller. | |||||
| CVE-2025-46123 | 2 Commscope, Ruckuswireless | 42 Ruckus C110, Ruckus E510, Ruckus H320 and 39 more | 2025-08-05 | N/A | N/A |
| An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where the authenticated configuration endpoint `/admin/_conf.jsp` writes the Wi-Fi guest password to memory with snprintf using the attacker-supplied value as the format string; a crafted password therefore triggers uncontrolled format-string processing and enables remote code execution on the controller. | |||||
| CVE-2025-46118 | 2 Commscope, Ruckuswireless | 42 Ruckus C110, Ruckus E510, Ruckus H320 and 39 more | 2025-08-05 | N/A | N/A |
| An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279, where hard-coded credentials for the ftpuser account provide FTP access to the controller, enabling a remote attacker to upload or retrieve arbitrary files from writable firmware directories and thereby expose sensitive information or compromise the controller. | |||||
| CVE-2025-46116 | 2 Commscope, Ruckuswireless | 42 Ruckus C110, Ruckus E510, Ruckus H320 and 39 more | 2025-08-05 | N/A | N/A |
| An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command `!v54!` via a management API call and then invoke it to escape the restricted shell and obtain a root shell on the controller. | |||||
| CVE-2025-46117 | 2 Commscope, Ruckuswireless | 42 Ruckus C110, Ruckus E510, Ruckus H320 and 39 more | 2025-08-05 | N/A | N/A |
| An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where a hidden debug script `.ap_debug.sh` invoked from the restricted CLI does not properly sanitize its input, allowing an authenticated attacker to execute arbitrary commands as root on the controller or specified target. | |||||
| CVE-2022-45701 | 1 Commscope | 6 Arris Sbg10, Arris Sbg10 Firmware, Arris Tg2482a and 3 more | 2025-03-18 | N/A | 8.8 HIGH |
| Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature. | |||||
| CVE-2023-27571 | 1 Commscope | 2 Dg3450, Dg3450 Firmware | 2025-02-10 | N/A | 5.3 MEDIUM |
| An issue was discovered in DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. The troubleshooting_logs_download.php log file download functionality does not check the session cookie. Thus, an attacker can download all log files. | |||||
| CVE-2023-27572 | 1 Commscope | 2 Dg3450, Dg3450 Firmware | 2025-02-10 | N/A | 6.1 MEDIUM |
| An issue was discovered in CommScope Arris DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. A reflected XSS vulnerability was discovered in the https_redirect.php web page via the page parameter. | |||||
| CVE-2024-23618 | 1 Commscope | 2 Arris Surfboard Sbg6950ac2, Arris Surfboard Sbg6950ac2 Firmware | 2024-01-31 | N/A | 9.8 CRITICAL |
| An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices. An unauthenticated attacker can exploit this vulnerability to achieve code execution as root. | |||||
| CVE-2023-45992 | 1 Commscope | 1 Ruckus Cloudpath Enrollment System | 2024-01-12 | N/A | 9.6 CRITICAL |
| A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system. | |||||
| CVE-2022-27002 | 1 Commscope | 2 Arris Tr3300, Arris Tr3300 Firmware | 2023-11-07 | 10.0 HIGH | 9.8 CRITICAL |
| Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the ddns function via the ddns_name, ddns_pwd, h_ddns?ddns_host parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2020-9476 | 1 Commscope | 2 Arris Tg1692a, Arris Tg1692a Firmware | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| ARRIS TG1692A devices allow remote attackers to discover the administrator login name and password by reading the /login page and performing base64 decoding. | |||||