Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-46119

Опубликовано: 21 июл. 2025
Источник: nvd
CVSS3: 6.3
EPSS Низкий

Описание

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where an authenticated request to the management endpoint /admin/_cmdstat.jsp discloses the administrator password in a trivially reversible obfuscated form. The same obfuscation method persists in configuration prior to 200.18.7.1.302, allowing anyone who obtains the system configuration to recover the plaintext credentials.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*
Версия до 200.15.6.212.14 (исключая)
cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*
Версия от 200.17 (включая) до 200.17.7.0.139 (исключая)
cpe:2.3:a:ruckuswireless:ruckus_zonedirector:*:*:*:*:*:*:*:*
Версия до 10.5.1.0.279 (исключая)

Одно из

cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_h550:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_m510-jp:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r310:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r350:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r350e:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r550:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r650:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r670:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r760:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r770:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_r850:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t350c:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t350d:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t610:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t670:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t710:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t710s:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t811-cm:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:ruckus_t811-cm_\(non-sfp\):-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:zonedirector_1200:-:*:*:*:*:*:*:*

EPSS

Процентиль: 16%
0.00052
Низкий

6.3 Medium

CVSS3

Дефекты

CWE-555

Связанные уязвимости

github логотип

GHSA-rv79-m662-c92x

CVSS3: 6.3
github
7 месяцев назад

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.12.304, where an authenticated request to the management endpoint `/admin/_cmdstat.jsp` discloses the administrator password in a trivially reversible obfuscated form. The same obfuscation method persists in configuration prior to 200.18.7.1.302, allowing anyone who obtains the system configuration to recover the plaintext credentials.

EPSS

Процентиль: 16%
0.00052
Низкий

6.3 Medium

CVSS3

Дефекты

CWE-555