Описание
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root.
Ссылки
- Mailing ListThird Party Advisory
- Third Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.7.1.0 (включая)
cpe:2.3:a:commscope:ruckus_iot_controller:*:*:*:*:*:*:*:*
EPSS
Процентиль: 74%
0.00841
Низкий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-787
Связанные уязвимости
github
больше 3 лет назад
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root.
EPSS
Процентиль: 74%
0.00841
Низкий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-787