Description

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticated diagnostics API endpoint `/admin/_cmdstat.jsp` passes attacker-controlled input to the shell without adequate validation, enabling a remote attacker to specify a target by MAC address and execute arbitrary commands as root.

INFO

Published Date :

2025-07-21T00:00:00.000Z

Last Modified :

2025-07-23T17:16:46.566Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-46122 vulnerability.

Vendors Products
Commscope
  • Ruckus C110
  • Ruckus E510
  • Ruckus H320
  • Ruckus H350
  • Ruckus H510
  • Ruckus H550
  • Ruckus M510
  • Ruckus M510-jp
  • Ruckus R310
  • Ruckus R320
  • Ruckus R350
  • Ruckus R350e
  • Ruckus R510
  • Ruckus R550
  • Ruckus R560
  • Ruckus R610
  • Ruckus R650
  • Ruckus R670
  • Ruckus R710
  • Ruckus R720
  • Ruckus R730
  • Ruckus R750
  • Ruckus R760
  • Ruckus R770
  • Ruckus R850
  • Ruckus T310c
  • Ruckus T310n
  • Ruckus T310s
  • Ruckus T350c
  • Ruckus T350d
  • Ruckus T350se
  • Ruckus T610
  • Ruckus T670
  • Ruckus T710
  • Ruckus T710s
  • Ruckus T750
  • Ruckus T750se
  • Ruckus T811-cm
  • Ruckus T811-cm \(non-sfp\)
  • Zonedirector 1200
Ruckuswireless
  • Ruckus Unleashed
  • Ruckus Zonedirector
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-46122.

URL Resource
https://sector7.computest.nl/post/2025-07-ruckus-unleashed/ cve-icon cve-icon
https://support.ruckuswireless.com/security_bulletins/330 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact