Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-46116

Опубликовано: 21 июл. 2025
Источник: nvd
CVSS3: 8.8
EPSS Низкий

Описание

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command !v54! via a management API call and then invoke it to escape the restricted shell and obtain a root shell on the controller.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*
Версия до 200.15.6.212.14 (исключая)
cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*
Версия от 200.17 (включая) до 200.17.7.0.139 (исключая)
cpe:2.3:a:ruckuswireless:ruckus_zonedirector:*:*:*:*:*:*:*:*
Версия до 10.5.1.0.279 (исключая)

Одно из

cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_h550:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_m510-jp:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r310:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r350:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r350e:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r550:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r650:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r670:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r760:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r770:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r850:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t350c:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t350d:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t610:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t670:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t710:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t710s:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t811-cm:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t811-cm_\(non-sfp\):-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:zonedirector_1200:-:*:*:*:*:*:*:*

EPSS

Процентиль: 19%
0.0006
Низкий

8.8 High

CVSS3

Дефекты

CWE-250

Связанные уязвимости

github логотип

GHSA-53mp-gj4v-gr9v

CVSS3: 8.8
github
7 месяцев назад

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command `!v54!` via a management API call and then invoke it to escape the restricted shell and obtain a root shell on the controller.

EPSS

Процентиль: 19%
0.0006
Низкий

8.8 High

CVSS3

Дефекты

CWE-250