High severity8.8NVD Advisory· Published Oct 26, 2020· Updated Jun 17, 2026
CVE-2020-26878
CVE-2020-26878
Description
Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as root user via web.py.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Ruckus/Ruckusdescription
- Range: <=1.5.1.0.21
Patches
Vulnerability mechanics
References
6- adepts.of0x.cc/ruckus-vriot-rce/nvdExploitThird Party Advisory
- adepts.of0x.ccnvdThird Party Advisory
- support.ruckuswireless.com/documentsnvdVendor Advisory
- support.ruckuswireless.com/security_bulletins/305nvdProductVendor Advisory
- twitter.com/TheXC3LLnvdThird Party Advisory
- x-c3ll.github.ionvdThird Party Advisory
News mentions
0No linked articles in our index yet.