Commscope Ruckus Vriot vulnerabilities
2 known vulnerabilities affecting commscope/ruckus_vriot.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
2
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2020-26879P1CRITICALCVSS 9.8ExploitedPoC≤ 1.5.1.0.212020-10-26
CVE-2020-26879 [CRITICAL] CWE-798 CVE-2020-26879: Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An una
Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header.
nvd
CVE-2020-26878P1HIGHCVSS 8.8ExploitedPoC≤ 1.5.1.0.212020-10-26
CVE-2020-26878 [HIGH] CWE-78 CVE-2020-26878: Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit
Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as root user via web.py.
nvd