CVE-2025-46122

Опубликовано: 21 июл. 2025

Источник: nvd

CVSS3: 9.1

EPSS Низкий

Описание

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticated diagnostics API endpoint /admin/_cmdstat.jsp passes attacker-controlled input to the shell without adequate validation, enabling a remote attacker to specify a target by MAC address and execute arbitrary commands as root.

Ссылки

https://sector7.computest.nl/post/2025-07-ruckus-unleashed/
Exploit
Third Party Advisory
https://support.ruckuswireless.com/security_bulletins/330
Product

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*

Версия до 200.15.6.212.14 (исключая)

cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*

Версия от 200.17 (включая) до 200.17.7.0.139 (исключая)

cpe:2.3:a:ruckuswireless:ruckus_zonedirector:*:*:*:*:*:*:*:*

Версия до 10.5.1.0.279 (исключая)

Одно из

cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_h550:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_m510-jp:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r310:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r350:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r350e:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r550:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r650:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r670:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r760:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r770:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_r850:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_t350c:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_t350d:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_t610:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_t670:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_t710:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_t710s:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_t811-cm:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_t811-cm_\(non-sfp\):-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:zonedirector_1200:-:*:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.00361

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-77

Связанные уязвимости

GHSA-7xvw-hgxx-gmhh

CVSS3: 5.4

github

7 месяцев назад

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticated diagnostics API endpoint `/admin/_cmdstat.jsp` passes attacker-controlled input to the shell without adequate validation, enabling a remote attacker to specify a target by MAC address and execute arbitrary commands as root.