Ruckus IoT Controller
by Commscope
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-33221 | 0.07 | — | 0.57 | Jul 7, 2021 | An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Unauthenticated API Endpoints. | |||
| CVE-2021-33216 | 0.06 | — | 0.14 | Jul 7, 2021 | An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account. | |||
| CVE-2021-33220 | 0.00 | — | 0.00 | Jul 7, 2021 | An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist. | |||
| CVE-2021-33219 | 0.00 | — | 0.02 | Jul 7, 2021 | An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts. | |||
| CVE-2021-33218 | 0.00 | — | 0.02 | Jul 7, 2021 | An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access. | |||
| CVE-2021-33217 | 0.00 | — | 0.01 | Jul 7, 2021 | An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root. | |||
| CVE-2021-33215 | 0.00 | — | 0.01 | Jul 7, 2021 | An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The API allows Directory Traversal. |
- CVE-2021-33221Jul 7, 2021risk 0.07cvss —epss 0.57
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Unauthenticated API Endpoints.
- CVE-2021-33216Jul 7, 2021risk 0.06cvss —epss 0.14
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account.
- CVE-2021-33220Jul 7, 2021risk 0.00cvss —epss 0.00
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist.
- CVE-2021-33219Jul 7, 2021risk 0.00cvss —epss 0.02
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts.
- CVE-2021-33218Jul 7, 2021risk 0.00cvss —epss 0.02
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access.
- CVE-2021-33217Jul 7, 2021risk 0.00cvss —epss 0.01
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root.
- CVE-2021-33215Jul 7, 2021risk 0.00cvss —epss 0.01
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The API allows Directory Traversal.