CVE-2025-46121

Name of the Vulnerable Software and Affected Versions CommScope Ruckus Unleashed versions prior to 200.15.6.212.14 CommScope Ruckus Unleashed versions prior to 200.17.7.0.139

Description An issue exists where the functions stamgr cfg adpt addStaFavourite and stamgr cfg adpt addStaIot improperly handle client hostnames passed to snprintf as a format string. An attacker can exploit this flaw by sending a crafted request to the authenticated endpoint /admin/ conf.jsp, or by spoofing the MAC address of a favourite station and embedding malicious format specifiers in the DHCP hostname field. This can lead to unauthenticated format-string processing and arbitrary code execution on the controller.

Recommendations CommScope Ruckus Unleashed versions prior to 200.15.6.212.14: Update to version 200.15.6.212.14 or later. CommScope Ruckus Unleashed versions prior to 200.17.7.0.139: Update to version 200.17.7.0.139 or later.