VYPR

Ruckus IoT Controller

by Commscope

CVEs (7)

  • CVE-2021-33221Jul 7, 2021
    risk 0.07cvss epss 0.57

    An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Unauthenticated API Endpoints.

  • CVE-2021-33216Jul 7, 2021
    risk 0.06cvss epss 0.14

    An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account.

  • CVE-2021-33220Jul 7, 2021
    risk 0.00cvss epss 0.00

    An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist.

  • CVE-2021-33219Jul 7, 2021
    risk 0.00cvss epss 0.02

    An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts.

  • CVE-2021-33218Jul 7, 2021
    risk 0.00cvss epss 0.02

    An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access.

  • CVE-2021-33217Jul 7, 2021
    risk 0.00cvss epss 0.01

    An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root.

  • CVE-2021-33215Jul 7, 2021
    risk 0.00cvss epss 0.01

    An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The API allows Directory Traversal.