CVE-2025-46118
Severity CVSS v4.0: Pending analysis
Type: CWE-284 Improper Access Control
Publication date: 21/07/2025
Last modified: 05/08/2025
Description
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279, where hard-coded credentials for the ftpuser account provide FTP access to the controller, enabling a remote attacker to upload or retrieve arbitrary files from writable firmware directories and thereby expose sensitive information or compromise the controller.
Impact
Base Score 3.x: 5.30
Severity 3.x: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:* | | 200.15.6.212.14 (excluding) |
| cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:* | 200.17 (including) | 200.17.7.0.139 (excluding) |
| cpe:2.3:a:ruckuswireless:ruckus_zonedirector:*:*:*:*:*:*:*:* | | 10.5.1.0.279 (excluding) |
| cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:* | | |
| cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:* | | |
| cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:* | | |
| cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:* | | |
| cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:* | | |
| cpe:2.3:h:commscope:ruckus_h550:-:*:*:*:*:*:*:* | | |
| cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:* | | |
| cpe:2.3:h:commscope:ruckus_m510-jp:-:*:*:*:*:*:*:* | | |
| cpe:2.3:h:commscope:ruckus_r310:-:*:*:*:*:*:*:* | | |
| cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:* | | |
| cpe:2.3:h:commscope:ruckus_r350:-:*:*:*:*:*:*:* | | |
| cpe:2.3:h:commscope:ruckus_r350e:-:*:*:*:*:*:*:* | | |



