CVE-2025-46116

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CommScope Ruckus Unleashed versions prior to 200.15.6.212.14 and 200.17.7.0.139 CommScope Ruckus ZoneDirector versions prior to 10.5.1.0.279

Description An authenticated attacker can disable the passphrase requirement for a hidden CLI command !v54! via a management API call. Subsequently, the attacker can invoke the command to escape the restricted shell and obtain a root shell on the controller.

Recommendations CommScope Ruckus Unleashed versions prior to 200.15.6.212.14 and 200.17.7.0.139 should be updated to version 200.15.6.212.14 or 200.17.7.0.139 or later. CommScope Ruckus ZoneDirector versions prior to 10.5.1.0.279 should be updated to version 10.5.1.0.279 or later.

Exploit

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269CWE-250

Related Identifiers

CVE-2025-46116

Affected Products

Ruckus Unleashed

Ruckus Zonedirector

CVE-2025-46116

Weakness Enumeration

Related Identifiers

Affected Products

References · 9