PT-2025-30285 · Commscope · Ruckus Unleashed+1
René Ammerlaan
·
Published
2025-07-21
·
Updated
2025-07-31
·
CVE-2025-46123
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
CommScope Ruckus Unleashed versions prior to 200.15.6.212.14 and 200.17.7.0.139
CommScope Ruckus ZoneDirector versions prior to 10.5.1.0.279
Description
An issue exists where the authenticated configuration endpoint
/admin/ conf.jsp writes the Wi-Fi guest password to memory using snprintf with attacker-supplied data as the format string. This triggers uncontrolled format-string processing, potentially enabling remote code execution on the controller.Recommendations
CommScope Ruckus Unleashed versions prior to 200.15.6.212.14 should be updated.
CommScope Ruckus Unleashed versions prior to 200.17.7.0.139 should be updated.
CommScope Ruckus ZoneDirector versions prior to 10.5.1.0.279 should be updated.
Exploit
Fix
RCE
Use of Externally-Controlled Format String
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ruckus Unleashed
Ruckus Zonedirector