Ruckus Vriot

ruckus_vriot

Vendor: Commscope • 2 CVEs

CVEs (2)

Vendors: 1 (Commscope)
Products: 1 (Ruckus Vriot)
Updated: Nov 21, 2024
Published: Oct 26, 2020
CVSS: N/A (v4), 9.8 CRITICAL (v3), 10.0 HIGH (v2)
Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header.

Vendors: 1 (Commscope)
Products: 1 (Ruckus Vriot)
Updated: Nov 21, 2024
Published: Oct 26, 2020
CVSS: N/A (v4), 8.8 HIGH (v3), 9.0 HIGH (v2)
Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as root user via web.py.