
CVSS: 9.8 • EPSS: 0% • CPEs: 35 • EXPL: 0

04 Aug 2025 — RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account. • https://claroty.com/team82/disclosure-dashboard/cve-2025-44954 • CWE-1394: Use of Default Cryptographic Key

CVSS: 8.8 • EPSS: 0% • CPEs: 36 • EXPL: 0

04 Aug 2025 — RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route. • https://claroty.com/team82/disclosure-dashboard/cve-2025-44960 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 9.9 • EPSS: 0% • CPEs: 36 • EXPL: 0

04 Aug 2025 — In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user. • https://claroty.com/team82/disclosure-dashboard/cve-2025-44961 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 5.0 • EPSS: 0% • CPEs: 36 • EXPL: 0

04 Aug 2025 — RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files. • https://claroty.com/team82/disclosure-dashboard/cve-2025-44962 • CWE-24: Path Traversal: '../filedir'

CVSS: 8.8 • EPSS: 0% • CPEs: 36 • EXPL: 0

04 Aug 2025 — Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers. • https://claroty.com/team82/disclosure-dashboard/cve-2025-44957 • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

25 Jan 2024 — An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices. An unauthenticated attacker can exploit this vulnerability to achieve code execution as root. • https://blog.exodusintel.com/2024/01/25/arris-surfboard-sbg6950ac2-arbitrary-command-execution-vulnerability • CWE-306: Missing Authentication for Critical Function

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

19 Oct 2023 — A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system. • https://github.com/harry935/CVE-2023-45992 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.3 • EPSS: 0% • CPEs: 2 • EXPL: 3

07 Mar 2023 — An issue was discovered in DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. The troubleshooting_logs_download.php log file download functionality does not check the session cookie. Thus, an attacker can download all log files. Arris DG3450 cable gateway version AR01.02.056.18_041520_711.NCS.10 suffers from cross-site scripting and missing authentication vulnerabilities. • https://packetstorm.news/files/id/171283 • CWE-306: Missing Authentication for Critical Function

CVSS: 6.4 • EPSS: 0% • CPEs: 2 • EXPL: 3

07 Mar 2023 — An issue was discovered in CommScope Arris DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. A reflected XSS vulnerability was discovered in the https_redirect.php web page via the page parameter. Arris DG3450 cable gateway version AR01.02.056.18_041520_711.NCS.10 suffers from cross-site scripting and missing authentication vulnerabilities. • https://packetstorm.news/files/id/171283 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.0 • EPSS: 49% • CPEs: 6 • EXPL: 6

15 Feb 2023 — Arris TG2482A firmware through 9.1.103GEM9 allows Remote Code Execution (RCE) via the ping utility feature. • https://packetstorm.news/files/id/171001 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')