Commscope
Products
9- 8 CVEs
- 7 CVEs
- 6 CVEs
- 5 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
28| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-67305 | Cri | 0.64 | 9.8 | 0.00 | Feb 19, 2026 | In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network access to authenticate via SSH without a password. Once authenticated, the… | ||
| CVE-2025-67304 | Cri | 0.64 | 9.8 | 0.00 | Feb 19, 2026 | In Ruckus Network Director (RND) < 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded… | ||
| CVE-2017-9521 | Cri | 0.64 | 9.8 | 0.03 | Jul 31, 2017 | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware… | ||
| CVE-2017-9489 | Hig | 0.57 | 8.8 | 0.01 | Jul 31, 2017 | The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST) devices allows configuration changes via CSRF. | ||
| CVE-2017-9492 | Hig | 0.49 | 7.5 | 0.02 | Jul 31, 2017 | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware… | ||
| CVE-2017-16836 | Med | 0.43 | 6.1 | 0.02 | Nov 16, 2017 | Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter. | ||
| CVE-2017-9476 | Med | 0.42 | 6.5 | 0.02 | Jul 31, 2017 | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version… | ||
| CVE-2017-9491 | Med | 0.35 | 5.3 | 0.01 | Jul 31, 2017 | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware… | ||
| CVE-2021-33221 | 0.07 | — | 0.57 | Jul 7, 2021 | An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Unauthenticated API Endpoints. | |||
| CVE-2021-33216 | 0.06 | — | 0.14 | Jul 7, 2021 | An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account. | |||
| CVE-2021-36630 | 0.03 | — | 0.02 | Jan 18, 2023 | DDOS reflection amplification vulnerability in eAut module of Ruckus Wireless SmartZone controller that allows remote attackers to perform DOS attacks via crafted request. | |||
| CVE-2014-3778 | 0.03 | — | 0.02 | Jun 19, 2014 | Multiple cross-site request forgery (CSRF) vulnerabilities in goform/RgDdns in ARRIS (formerly Motorola) SBG901 SURFboard Wireless Cable Modem allow remote attackers to hijack the authentication of administrators for requests that (1) change the dns service via the DdnsService… | |||
| CVE-2025-46121 | 0.00 | — | 0.01 | Jul 21, 2025 | An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the functions `stamgr_cfg_adpt_addStaFavourite` and `stamgr_cfg_adpt_addStaIot` pass a client hostname directly to snprintf as the format string. A remote attacker can… | |||
| CVE-2025-46120 | 0.00 | — | 0.01 | Jul 21, 2025 | An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted… | |||
| CVE-2025-46117 | 0.00 | — | 0.01 | Jul 21, 2025 | An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where a hidden debug script `.ap_debug.sh` invoked from the restricted CLI does not properly sanitize its input, allowing an… | |||
| CVE-2025-46119 | 0.00 | — | 0.00 | Jul 21, 2025 | An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where an authenticated request to the management endpoint `/admin/_cmdstat.jsp` discloses the administrator password in a… | |||
| CVE-2025-46118 | 0.00 | — | 0.01 | Jul 21, 2025 | An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279, where hard-coded credentials for the ftpuser account provide FTP access to the controller, enabling a remote attacker to upload or… | |||
| CVE-2025-46123 | 0.00 | — | 0.01 | Jul 21, 2025 | An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where the authenticated configuration endpoint `/admin/_conf.jsp` writes the Wi-Fi guest password to memory with snprintf using… | |||
| CVE-2025-46122 | 0.00 | — | 0.01 | Jul 21, 2025 | An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticated diagnostics API endpoint `/admin/_cmdstat.jsp` passes attacker-controlled input to the shell without adequate validation, enabling a remote attacker to… | |||
| CVE-2025-46116 | 0.00 | — | 0.00 | Jul 21, 2025 | An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command `!v54!` via a management API call… |
- risk 0.64cvss 9.8epss 0.00
In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network access to authenticate via SSH without a password. Once authenticated, the…
- risk 0.64cvss 9.8epss 0.00
In Ruckus Network Director (RND) < 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded…
- risk 0.64cvss 9.8epss 0.03
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware…
- risk 0.57cvss 8.8epss 0.01
The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST) devices allows configuration changes via CSRF.
- risk 0.49cvss 7.5epss 0.02
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware…
- risk 0.43cvss 6.1epss 0.02
Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter.
- risk 0.42cvss 6.5epss 0.02
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version…
- risk 0.35cvss 5.3epss 0.01
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware…
- CVE-2021-33221Jul 7, 2021risk 0.07cvss —epss 0.57
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Unauthenticated API Endpoints.
- CVE-2021-33216Jul 7, 2021risk 0.06cvss —epss 0.14
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account.
- CVE-2021-36630Jan 18, 2023risk 0.03cvss —epss 0.02
DDOS reflection amplification vulnerability in eAut module of Ruckus Wireless SmartZone controller that allows remote attackers to perform DOS attacks via crafted request.
- CVE-2014-3778Jun 19, 2014risk 0.03cvss —epss 0.02
Multiple cross-site request forgery (CSRF) vulnerabilities in goform/RgDdns in ARRIS (formerly Motorola) SBG901 SURFboard Wireless Cable Modem allow remote attackers to hijack the authentication of administrators for requests that (1) change the dns service via the DdnsService…
- CVE-2025-46121Jul 21, 2025risk 0.00cvss —epss 0.01
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the functions `stamgr_cfg_adpt_addStaFavourite` and `stamgr_cfg_adpt_addStaIot` pass a client hostname directly to snprintf as the format string. A remote attacker can…
- CVE-2025-46120Jul 21, 2025risk 0.00cvss —epss 0.01
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted…
- CVE-2025-46117Jul 21, 2025risk 0.00cvss —epss 0.01
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where a hidden debug script `.ap_debug.sh` invoked from the restricted CLI does not properly sanitize its input, allowing an…
- CVE-2025-46119Jul 21, 2025risk 0.00cvss —epss 0.00
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where an authenticated request to the management endpoint `/admin/_cmdstat.jsp` discloses the administrator password in a…
- CVE-2025-46118Jul 21, 2025risk 0.00cvss —epss 0.01
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279, where hard-coded credentials for the ftpuser account provide FTP access to the controller, enabling a remote attacker to upload or…
- CVE-2025-46123Jul 21, 2025risk 0.00cvss —epss 0.01
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where the authenticated configuration endpoint `/admin/_conf.jsp` writes the Wi-Fi guest password to memory with snprintf using…
- CVE-2025-46122Jul 21, 2025risk 0.00cvss —epss 0.01
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticated diagnostics API endpoint `/admin/_cmdstat.jsp` passes attacker-controlled input to the shell without adequate validation, enabling a remote attacker to…
- CVE-2025-46116Jul 21, 2025risk 0.00cvss —epss 0.00
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command `!v54!` via a management API call…