CVE-2025-46120

Опубликовано: 21 июл. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a remote unauthenticated attacker who can upload a template (e.g., via FTP) to escalate privileges and run arbitrary template code on the controller.

Ссылки

https://sector7.computest.nl/post/2025-07-ruckus-unleashed/
Exploit
Third Party Advisory
https://support.ruckuswireless.com/security_bulletins/330
Product

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*

Версия до 200.15.6.212.14 (исключая)

cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*

Версия от 200.17 (включая) до 200.17.7.0.139 (исключая)

cpe:2.3:a:ruckuswireless:ruckus_zonedirector:*:*:*:*:*:*:*:*

Версия до 10.5.1.0.279 (исключая)

Одно из

cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_h550:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_m510-jp:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r310:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r350:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r350e:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r550:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r650:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r670:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r760:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r770:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r850:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_t350c:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_t350d:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_t610:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_t670:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_t710:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_t710s:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_t811-cm:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_t811-cm_\(non-sfp\):-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:zonedirector_1200:-:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.01733

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-gxx3-jhj6-v22h

CVSS3: 6.5

github

7 месяцев назад

An issue was discovered in CommScope Ruckus Unleashed prior to 200.14.6.1.203 and in Ruckus ZoneDirector, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a remote unauthenticated attacker who can upload a template (e.g., via FTP) to escalate privileges and run arbitrary template code on the controller.