CVE-2020-26879

Severity CVSS v4.0:
Pending analysis
Type:
CWE-798 Use of Hard-coded Credentials
Publication date:
26/10/2020
Last modified:
02/11/2020

Description

Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:commscope:ruckus_vriot:*:*:*:*:*:*:*:* 1.5.1.0.21 (including)
cpe:2.3:h:commscope:ruckus_iot_module:-:*:*:*:*:*:*:*