CVE-2025-46119

Sažetak

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.12.304, where an authenticated request to the management endpoint `/admin/_cmdstat.jsp` discloses the administrator password in a trivially reversible obfuscated form. The same obfuscation method persists in configuration prior to 200.18.7.1.302, allowing anyone who obtains the system configuration to recover the plaintext credentials.

Reference

http://commscope.com
https://sector7.computest.nl/post/2025-07-ruckus-unleashed/
https://support.ruckuswireless.com/security_bulletins/330

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

21-07-2025 - 15:15

Objavljeno

21-07-2025 - 15:15