CVE-2025-46119

Medium CVSS: 6.3

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where an authenticated request to the management endpoint `/admin/_cmdstat.jsp` discloses the administrator password in a trivially reversible obfuscated form. The same obfuscation method persists in configuration prior to 200.18.7.1.302, allowing anyone who obtains the system configuration to recover the plaintext credentials.

Vendor

Ruckuswireless

Product

Ruckus Unleashed

CWE

CWE-555

Yayın Tarihi

2025-07-21 15:15:28

Güncelleme

2025-08-05 17:18:27

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-555 Ruckus Unleashed MEDIUM Ruckuswireless 2025

Referanslar

https://sector7.computest.nl/post/2025-07-ruckus-unleashed/ https://support.ruckuswireless.com/security_bulletins/330

Benzer Kayıtlar

Medium

CVE-2025-63735

A reflected Cross site scripting (XSS) vulnerability in Ruckus Unleashed 200.13.6.1.319 via the name parameter to the th…

Critical

CVE-2025-46120

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDir…

Critical

CVE-2025-46121

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the functions `…

Critical

CVE-2025-46122

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticat…

High

CVE-2025-46123

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDir…

High

CVE-2025-46116

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDir…