PT-2021-20092 · Commscope · Commscope Ruckus Iot Controller

Jim Becher

Published

2021-07-07

Updated

2021-07-09

CVE-2021-33221

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier

Description An issue was discovered that involves Unauthenticated API Endpoints.

Recommendations For CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier, consider restricting access to the API endpoints as a temporary workaround until a patch is available.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2021-33221

Affected Products

Commscope Ruckus Iot Controller

PT-2021-20092 · Commscope · Commscope Ruckus Iot Controller

CVE-2021-33221

Weakness Enumeration

Related Identifiers

Affected Products

References · 4