Vulnerabilities (CVE)

Filtered by vendor Commscope Subscribe
Filtered by product Ruckus Iot Module
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-26879 1 Commscope 2 Ruckus Iot Module, Ruckus Vriot 2024-11-21 10.0 HIGH 9.8 CRITICAL
Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header.
CVE-2020-26878 1 Commscope 2 Ruckus Iot Module, Ruckus Vriot 2024-11-21 9.0 HIGH 8.8 HIGH
Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as root user via web.py.