FKIE_CVE-2025-46119
Vulnerability from fkie_nvd - Published: 2025-07-21 15:15 - Updated: 2025-08-05 17:18
Severity ?
Summary
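An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where an authenticated request to the management endpoint `/admin/_cmdstat.jsp` discloses the administrator password in a trivially reversible obfuscated form. The same obfuscation method persists in configuration prior to 200.18.7.1.302, allowing anyone who obtains the system configuration to recover the plaintext credentials.

Note: the CPE match data under "Impacted products" uses different upper bounds (Unleashed before 200.15.6.212.14, and 200.17 up to but excluding 200.17.7.0.139; ZoneDirector before 10.5.1.0.279) than the fixed versions named in this description, so confirm the fixed release against the vendor bulletin rather than relying on the CPE ranges alone. Because the password is recoverable from the configuration, configuration exports and backups taken on affected versions should be handled as containing the administrator credential.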
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://sector7.computest.nl/post/2025-07-ruckus-unleashed/ | Exploit, Third Party Advisory |
| cve@mitre.org | https://support.ruckuswireless.com/security_bulletins/330 | Product |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8933A8DB-2169-4969-857D-65FCC5A2687E",
"versionEndExcluding": "200.15.6.212.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF7ACF7-77A1-497E-991F-F8015017FF6B",
"versionEndExcluding": "200.17.7.0.139",
"versionStartIncluding": "200.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruckuswireless:ruckus_zonedirector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31CEC229-C1CD-471D-93EC-BF4629393864",
"versionEndExcluding": "10.5.1.0.279",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84B1EC30-ACC3-4141-A149-F2C912AEDC2B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CB277A-B51A-4EF6-9B60-26E42DB466A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EDE59EC-811F-4A5E-A4DE-C3289D8A049A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37C8E333-5C44-44BB-842F-FCDA8D8D5831",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CABADA0-2CC3-4218-BE64-7014F21166CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DC533A1-7998-4363-9D94-E1472F22DE87",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75F9B4E2-6E5B-4C96-A46F-06450BB81E68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_m510-jp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "028EEF4A-5A5B-4662-A5AA-B027EF66DF2B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BA2F043-9743-4FC9-AF74-20FAC503C2F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D165B27E-AA69-446F-916F-AF26E30510CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BD23474-CBFE-4575-A2DA-431C0D74E2EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r350e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "208776B7-AC2A-445F-A26F-5C072EFEED0E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB605D38-A71B-44FF-909D-D34348491EA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54D2D26C-E53C-41E2-9EB7-653CBF5A49E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E547E2A0-86E7-438C-9602-A2ECB247A84C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3A5E2C5-E261-4FA6-AB5E-D651110C80CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44C800DC-82C3-4240-B2C0-18433FED4E3B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1677A804-8DE7-4191-8E84-9ADAE9E8269E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22845768-F360-46EC-BB48-2A68A4B6A2C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89E38958-2FEB-4945-81E0-522BD1136D26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D8F47E7-791A-44E8-A62C-B4D0F4AF80BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2A5668-2EDB-4E93-A4FA-88FCBCC057B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "473AC82B-6A00-4076-A043-E4854DA09C3E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "554AE543-CC27-4109-9F0C-E17BF2A4E22F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92E815A2-09BC-4FF8-B38C-8857E626ACA1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0777F3E0-7F95-49B4-B488-5550FF922E9E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A4DF46-52A7-4F47-B9EB-8F3A1D0261DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0D8BF0-5736-44F7-8B9C-6BDCF97FF5C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBCA0728-C62C-429B-ABA0-A8F853543A0F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDB7F8C-9DF1-47B4-8E82-95003744CC0B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B4ED697-139A-4679-85D5-3992DEA8BB44",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E5F3A97-6FC5-4592-8304-43070120AA3A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE01A53-D787-4240-BF0F-EDC8BF51D6D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E23CE29C-210E-44C0-B4CF-01F2889B671D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t710s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD7A8265-2895-42FF-BF64-76C73CF67112",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29911530-47EC-4865-9965-72D101827F1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C83392A-1656-473F-9F08-C3CC89FDF3FA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t811-cm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C49E0DC-A33C-43F3-9278-5341C1842FA6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t811-cm_\\(non-sfp\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "FFDE6F6D-DC10-4C72-BDEC-0B1CB7DCCEA9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:zonedirector_1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AB4E62C-2532-41A9-9F1E-737D3E4DD008",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where an authenticated request to the management endpoint `/admin/_cmdstat.jsp` discloses the administrator password in a trivially reversible obfuscated form. The same obfuscation method persists in configuration prior to 200.18.7.1.302, allowing anyone who obtains the system configuration to recover the plaintext credentials."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en CommScope Ruckus Unleashed anterior a la versi\u00f3n 200.15.6.12.304, donde una solicitud autenticada al endpoint de administraci\u00f3n `/admin/_cmdstat.jsp` revela la contrase\u00f1a del administrador en una forma ofuscada f\u00e1cilmente reversible. El mismo m\u00e9todo de ofuscaci\u00f3n persiste en la configuraci\u00f3n anterior a la versi\u00f3n 200.18.7.1.302, lo que permite que cualquiera que obtenga la configuraci\u00f3n del sistema recupere las credenciales de texto plano."
}
],
"id": "CVE-2025-46119",
"lastModified": "2025-08-05T17:18:27.460",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-07-21T15:15:28.047",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://support.ruckuswireless.com/security_bulletins/330"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-555"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.