In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user.
The RUCKUS SmartZone application does not properly filter input data in the IP address field provided by a logged-in user. An attacker can place malicious system commands (OS command injection, CWE-78) in this field, which will be executed by the device's operating system. The attack is possible remotely over the network without requiring physical access, and the required privilege level is low (user authentication).
An attacker can gain full control over the device's operating system, including confidentiality, integrity and availability of data and services. Due to the changed scope (Scope:Changed), the exploit may affect other network infrastructure resources beyond the device itself.
RUCKUS SmartZone should be updated to version 6.1.2p3 Refresh Build or later as soon as possible. If immediate update is not possible, restrict access to the SmartZone management interface exclusively to trusted IP addresses and minimize the number of accounts with system access. Details available in the manufacturer's references (Commscope Security Advisory ID 20250710).
RUCKUS SmartZone (SZ) in all versions prior to 6.1.2p3 Refresh Build, affecting Commscope Ruckus E510, Ruckus R560, Ruckus Network Director, Ruckus H320 and Ruckus T310C devices
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HCommscope Ruckus C110
HWCommscopewszystkie wersjeCommscope Ruckus E510
HWCommscopewszystkie wersjeCommscope Ruckus H320
HWCommscopewszystkie wersjeCommscope Ruckus H350
HWCommscopewszystkie wersjeCommscope Ruckus H510
HWCommscopewszystkie wersjeCommscope Ruckus M510
HWCommscopewszystkie wersjeCommscope Ruckus Network Director
APPCommscope< 4.5.0.51Commscope Ruckus R320
HWCommscopewszystkie wersjeCommscope Ruckus R510
HWCommscopewszystkie wersjeCommscope Ruckus R560
HWCommscopewszystkie wersjeCommscope Ruckus R610
HWCommscopewszystkie wersjeCommscope Ruckus R710
HWCommscopewszystkie wersjeCommscope Ruckus R720
HWCommscopewszystkie wersjeCommscope Ruckus R730
HWCommscopewszystkie wersjeCommscope Ruckus R750
HWCommscopewszystkie wersjeCommscope Ruckus Smartzone 100
HWCommscopewszystkie wersjeCommscope Ruckus Smartzone 100 D
HWCommscopewszystkie wersjeCommscope Ruckus Smartzone 144
HWCommscopewszystkie wersjeCommscope Ruckus Smartzone 144 Federal
HWCommscopewszystkie wersjeCommscope Ruckus Smartzone 300
HWCommscopewszystkie wersjeCommscope Ruckus Smartzone 300 Federal
HWCommscopewszystkie wersjeCommscope Ruckus Smartzone Firmware
OSCommscope6.1.27.0.07.1.0< 6.1.2Commscope Ruckus T310c
HWCommscopewszystkie wersjeCommscope Ruckus T310d
HWCommscopewszystkie wersjeCommscope Ruckus T310n
HWCommscopewszystkie wersjeCommscope Ruckus T310s
HWCommscopewszystkie wersjeCommscope Ruckus T350se
HWCommscopewszystkie wersjeCommscope Ruckus T750
HWCommscopewszystkie wersjeCommscope Ruckus T750se
HWCommscopewszystkie wersjeCommscope Ruckus Virtual Smartzone
APPCommscopewszystkie wersje
Related vulnerabilities
Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as de...
Hardcoded credentials w Ruckus Network Director — dostęp do PostgreSQL i RCE
Hardcoded SSH keys w Commscope RUCKUS Network Director (RCE)
Hardcoded SSH private key w RUCKUS SmartZone — dostęp root zdalnie
Hardcodowany klucz JWT w Commscope Ruckus Network Director — spoofing administratora