Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-46118

Опубликовано: 21 июл. 2025
Источник: nvd
CVSS3: 5.3
EPSS Низкий

Описание

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279, where hard-coded credentials for the ftpuser account provide FTP access to the controller, enabling a remote attacker to upload or retrieve arbitrary files from writable firmware directories and thereby expose sensitive information or compromise the controller.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*
Версия до 200.15.6.212.14 (исключая)
cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*
Версия от 200.17 (включая) до 200.17.7.0.139 (исключая)
cpe:2.3:a:ruckuswireless:ruckus_zonedirector:*:*:*:*:*:*:*:*
Версия до 10.5.1.0.279 (исключая)

Одно из

cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_h550:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_m510-jp:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r310:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r350:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r350e:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r550:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r650:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r670:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r760:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r770:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r850:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t350c:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t350d:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t610:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t670:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t710:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t710s:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t811-cm:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t811-cm_\(non-sfp\):-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:zonedirector_1200:-:*:*:*:*:*:*:*

EPSS

Процентиль: 21%
0.00067
Низкий

5.3 Medium

CVSS3

Дефекты

CWE-284

Связанные уязвимости

github логотип

GHSA-jr2r-3x4h-x86g

CVSS3: 7.3
github
7 месяцев назад

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279, where hard-coded credentials for the ftpuser account provide FTP access to the controller, enabling a remote attacker to upload or retrieve arbitrary files from writable firmware directories and thereby expose sensitive information or compromise the controller.

EPSS

Процентиль: 21%
0.00067
Низкий

5.3 Medium

CVSS3

Дефекты

CWE-284