CVE-2021-33216 – CommScope Ruckus IoT Controller 1.7.1.0 Undocumented Account
https://notcve.org/view.php?id=CVE-2021-33216
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An undocumented backdoor exists, allowing shell access via a developer account. An upgrade account is included in the IoT Controller OVA that provides the vendor undocumented access via Secure Copy (SCP).
References: http://seclists.org/fulldisclosure/2021/May/78 ; https://korelogic.com/advisories.html
CVE-2021-33217 – CommScope Ruckus IoT Controller 1.7.1.0 Web Application Arbitrary Read/Write
https://notcve.org/view.php?id=CVE-2021-33217
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The web application allows arbitrary read/write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root.
References: http://seclists.org/fulldisclosure/2021/May/77 ; https://korelogic.com/advisories.html
CWE-787: Out-of-bounds Write
CVE-2021-33215 – CommScope Ruckus IoT Controller 1.7.1.0 Web Application Directory Traversal
https://notcve.org/view.php?id=CVE-2021-33215
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The API allows directory traversal. A Python script (web.py) for a Dockerized web service contains a directory traversal vulnerability, which can be leveraged by an authenticated attacker to view the contents of directories on the IoT Controller.
References: http://seclists.org/fulldisclosure/2021/May/76 ; https://korelogic.com/advisories.html
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-33219 – CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded Web Application Administrator Password
https://notcve.org/view.php?id=CVE-2021-33219
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are hard-coded web application administrator passwords for the admin and nplus1user accounts. An undocumented, administrative-level, hard-coded web application account exists in the IoT Controller OVA which cannot be changed by the customer.
References: https://korelogic.com/advisories.html ; https://seclists.org/fulldisclosure/2021/May/75
CWE-798: Use of Hard-coded Credentials
CVE-2021-33218 – CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded System Passwords
https://notcve.org/view.php?id=CVE-2021-33218
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are hard-coded system passwords that provide shell access. Hard-coded, system-level credentials exist on the Ruckus IoT Controller OVA image, and are exposed to attackers who mount the filesystem.
References: https://korelogic.com/advisories.html ; https://seclists.org/fulldisclosure/2021/May/74
CWE-798: Use of Hard-coded Credentials