
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 May 2021 — An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts. An undocumented, administrative-level, hard-coded web application account exists in the IoT Controller OVA which cannot be change... • https://packetstorm.news/files/id/162845 • CWE-798: Use of Hard-coded Credentials

CVSS: 10.0 • EPSS: 1% • CPEs: 1 • EXPL: 1

27 May 2021 — An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access. Hard-coded, system-level credentials exist on the Ruckus IoT Controller OVA image, and are exposed to attackers who mount the filesystem. • https://packetstorm.news/files/id/162844 • CWE-798: Use of Hard-coded Credentials

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 May 2021 — An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The API allows Directory Traversal. A Python script (web.py) for a Dockerized webservice contains a directory traversal vulnerability, which can be leveraged by an authenticated attacker to view the contents of directories on the IoT Controller. • https://packetstorm.news/files/id/162846 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 May 2021 — An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root. • https://packetstorm.news/files/id/162847 • CWE-787: Out-of-bounds Write

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 May 2021 — An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist. API keys for CommScope Ruckus are included in the IoT Controller OVA image, and are exposed to attackers who mount the filesystem. • https://packetstorm.news/files/id/162843 • CWE-798: Use of Hard-coded Credentials

CVSS: 9.8 • EPSS: 23% • CPEs: 1 • EXPL: 2

27 May 2021 — An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account. An upgrade account is included in the IoT Controller OVA that provides the vendor undocumented access via Secure Copy (SCP). • https://packetstorm.news/files/id/162848

CVSS: 9.8 • EPSS: 90% • CPEs: 1 • EXPL: 2

27 May 2021 — An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Unauthenticated API Endpoints. Three API endpoints for the IoT Controller are accessible without authentication. Two of the endpoints result in information leakage and consumption of computing/storage resources. • https://packetstorm.news/files/id/162842 • CWE-306: Missing Authentication for Critical Function