FKIE_CVE-2025-46120
Vulnerability from fkie_nvd - Published: 2025-07-21 15:15 - Updated: 2025-08-05 17:18
Severity ?
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a remote unauthenticated attacker who can upload a template (e.g., via FTP) to escalate privileges and run arbitrary template code on the controller.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://sector7.computest.nl/post/2025-07-ruckus-unleashed/ | Exploit, Third Party Advisory |
| cve@mitre.org | https://support.ruckuswireless.com/security_bulletins/330 | Product |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8933A8DB-2169-4969-857D-65FCC5A2687E",
"versionEndExcluding": "200.15.6.212.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF7ACF7-77A1-497E-991F-F8015017FF6B",
"versionEndExcluding": "200.17.7.0.139",
"versionStartIncluding": "200.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruckuswireless:ruckus_zonedirector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31CEC229-C1CD-471D-93EC-BF4629393864",
"versionEndExcluding": "10.5.1.0.279",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84B1EC30-ACC3-4141-A149-F2C912AEDC2B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CB277A-B51A-4EF6-9B60-26E42DB466A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EDE59EC-811F-4A5E-A4DE-C3289D8A049A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37C8E333-5C44-44BB-842F-FCDA8D8D5831",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CABADA0-2CC3-4218-BE64-7014F21166CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_h550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DC533A1-7998-4363-9D94-E1472F22DE87",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75F9B4E2-6E5B-4C96-A46F-06450BB81E68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_m510-jp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "028EEF4A-5A5B-4662-A5AA-B027EF66DF2B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BA2F043-9743-4FC9-AF74-20FAC503C2F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D165B27E-AA69-446F-916F-AF26E30510CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BD23474-CBFE-4575-A2DA-431C0D74E2EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r350e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "208776B7-AC2A-445F-A26F-5C072EFEED0E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB605D38-A71B-44FF-909D-D34348491EA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54D2D26C-E53C-41E2-9EB7-653CBF5A49E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E547E2A0-86E7-438C-9602-A2ECB247A84C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3A5E2C5-E261-4FA6-AB5E-D651110C80CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44C800DC-82C3-4240-B2C0-18433FED4E3B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1677A804-8DE7-4191-8E84-9ADAE9E8269E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22845768-F360-46EC-BB48-2A68A4B6A2C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89E38958-2FEB-4945-81E0-522BD1136D26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D8F47E7-791A-44E8-A62C-B4D0F4AF80BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2A5668-2EDB-4E93-A4FA-88FCBCC057B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "473AC82B-6A00-4076-A043-E4854DA09C3E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "554AE543-CC27-4109-9F0C-E17BF2A4E22F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_r850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92E815A2-09BC-4FF8-B38C-8857E626ACA1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0777F3E0-7F95-49B4-B488-5550FF922E9E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A4DF46-52A7-4F47-B9EB-8F3A1D0261DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0D8BF0-5736-44F7-8B9C-6BDCF97FF5C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBCA0728-C62C-429B-ABA0-A8F853543A0F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDB7F8C-9DF1-47B4-8E82-95003744CC0B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B4ED697-139A-4679-85D5-3992DEA8BB44",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E5F3A97-6FC5-4592-8304-43070120AA3A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE01A53-D787-4240-BF0F-EDC8BF51D6D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E23CE29C-210E-44C0-B4CF-01F2889B671D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t710s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD7A8265-2895-42FF-BF64-76C73CF67112",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29911530-47EC-4865-9965-72D101827F1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C83392A-1656-473F-9F08-C3CC89FDF3FA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t811-cm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C49E0DC-A33C-43F3-9278-5341C1842FA6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:ruckus_t811-cm_\\(non-sfp\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "FFDE6F6D-DC10-4C72-BDEC-0B1CB7DCCEA9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:commscope:zonedirector_1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AB4E62C-2532-41A9-9F1E-737D3E4DD008",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a remote unauthenticated attacker who can upload a template (e.g., via FTP) to escalate privileges and run arbitrary template code on the controller."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en CommScope Ruckus Unleashed anterior a 200.14.6.1.203 y en Ruckus ZoneDirector, donde una falla de Path-Traversal en la interfaz web permite que el servidor ejecute plantillas EJS proporcionadas por el atacante fuera de los directorios permitidos, lo que permite que un atacante remoto no autenticado que puede cargar una plantilla (por ejemplo, a trav\u00e9s de FTP) escale privilegios y ejecute c\u00f3digo de plantilla arbitrario en el controlador."
}
],
"id": "CVE-2025-46120",
"lastModified": "2025-08-05T17:18:32.627",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-07-21T15:15:28.157",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://support.ruckuswireless.com/security_bulletins/330"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.