CommScope Ruckus IoT Controller Unauthenticated Service Details Disclosure CVE-2021-33221

Details
Asset Type: DOMAIN, IP, URL
Need Membership: Yes
Asset Verify: Yes
API Support: Yes
Estimate Time (Second): 10

CommScope Ruckus IoT Controller Unauthenticated Service Details Disclosure CVE-2021-33221 Detail

CommScope Ruckus IoT Controller is affected by a system and configuration information disclosure vulnerability.

A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated attacker to execute arbitrary OS commands.

Some Advice for Common Problems

Access restrictions should be applied.
