CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33220 – CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded API Keys Exposed
https://notcve.org/view.php?id=CVE-2021-33220
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist. Se ha detectado un problema en CommScope Ruckus IoT Controller versiones 1.7.1.0 y anteriores. Se presentan Claves de API Embebidas API keys for CommScope Ruckus are included in the IoT Controller OVA image, and are exposed to attackers who mount the filesystem. • http://seclists.org/fulldisclosure/2021/May/73 https://korelogic.com/advisories.html • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 40%CPEs: 1EXPL: 1CVE-2021-33221 – CommScope Ruckus IoT Controller 1.7.1.0 Unauthenticated API Endpoints
https://notcve.org/view.php?id=CVE-2021-33221
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Unauthenticated API Endpoints. Se ha detectado un problema en CommScope Ruckus IoT Controller versiones 1.7.1.0 y anteriores. Se presentan unos Endpoints de API no Autenticados Three API endpoints for the IoT Controller are accessible without authentication. Two of the endpoints result in information leakage and consumption of computing/storage resources. • http://seclists.org/fulldisclosure/2021/May/72 https://korelogic.com/advisories.html • CWE-306: Missing Authentication for Critical Function •