
CVE-2021-33219 – CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded Web Application Administrator Password
https://notcve.org/view.php?id=CVE-2021-33219
27 May 2021 — An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts. An undocumented, administrative-level, hard-coded web application account exists in the IoT Controller OVA which cannot be change... • https://packetstorm.news/files/id/162845 • CWE-798: Use of Hard-coded Credentials

CVE-2021-33218 – CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded System Passwords
https://notcve.org/view.php?id=CVE-2021-33218
27 May 2021 — An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access. Hard-coded, system-level credentials exist on the Ruckus IoT Controller OVA image, and are exposed to attackers who mount the filesystem. • https://packetstorm.news/files/id/162844 • CWE-798: Use of Hard-coded Credentials

CVE-2021-33215 – CommScope Ruckus IoT Controller 1.7.1.0 Web Application Directory Traversal
https://notcve.org/view.php?id=CVE-2021-33215
27 May 2021 — An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The API allows Directory Traversal. A Python script (web.py) for a Dockerized webservice contains a directory traversal vulnerability, which can be leveraged by an authenticated attacker to view the contents of directories on the IoT Controller. • https://packetstorm.news/files/id/162846 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2021-33217 – CommScope Ruckus IoT Controller 1.7.1.0 Web Application Arbitrary Read/Write
https://notcve.org/view.php?id=CVE-2021-33217
27 May 2021 — An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root. • https://packetstorm.news/files/id/162847 • CWE-787: Out-of-bounds Write

CVE-2021-33220 – CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded API Keys Exposed
https://notcve.org/view.php?id=CVE-2021-33220
27 May 2021 — An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist. API keys for CommScope Ruckus are included in the IoT Controller OVA image, and are exposed to attackers who mount the filesystem. • https://packetstorm.news/files/id/162843 • CWE-798: Use of Hard-coded Credentials

CVE-2021-33216 – CommScope Ruckus IoT Controller 1.7.1.0 Undocumented Account
https://notcve.org/view.php?id=CVE-2021-33216
27 May 2021 — An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account. An upgrade account is included in the IoT Controller OVA that provides the vendor undocumented access via Secure Copy (SCP). • https://packetstorm.news/files/id/162848

CVE-2021-33221 – CommScope Ruckus IoT Controller 1.7.1.0 Unauthenticated API Endpoints
https://notcve.org/view.php?id=CVE-2021-33221
27 May 2021 — An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Unauthenticated API Endpoints. Three API endpoints for the IoT Controller are accessible without authentication. Two of the endpoints result in information leakage and consumption of computing/storage resources. • https://packetstorm.news/files/id/162842 • CWE-306: Missing Authentication for Critical Function