CVE-2025-46119 - Vulnerability Details

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where an authenticated request to the management endpoint `/admin/_cmdstat.jsp` discloses the administrator password in a trivially reversible obfuscated form. The same obfuscation method persists in configuration prior to 200.18.7.1.302, allowing anyone who obtains the system configuration to recover the plaintext credentials.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Commscope	Ruckus C110 Ruckus E510 Ruckus H320 Ruckus H350 Ruckus H510 Ruckus H550 Ruckus M510 Ruckus M510-jp Ruckus R310 Ruckus R320 Ruckus R350 Ruckus R350e Ruckus R510 Ruckus R550 Ruckus R560 Ruckus R610 Ruckus R650 Ruckus R670 Ruckus R710 Ruckus R720 Ruckus R730 Ruckus R750 Ruckus R760 Ruckus R770 Ruckus R850 Ruckus T310c Ruckus T310n Ruckus T310s Ruckus T350c Ruckus T350d Ruckus T350se Ruckus T610 Ruckus T670 Ruckus T710 Ruckus T710s Ruckus T750 Ruckus T750se Ruckus T811-cm Ruckus T811-cm \(non-sfp\) Zonedirector 1200
Ruckuswireless	Ruckus Unleashed Ruckus Zonedirector

Configuration 1 [-]

AND

OR	cpe:2.3:a:ruckuswireless:ruckus_unleashed::::::::
	cpe:2.3:a:ruckuswireless:ruckus_unleashed::::::::
	cpe:2.3:a:ruckuswireless:ruckus_zonedirector::::::::

OR	cpe:2.3:h:commscope:ruckus_c110:-:::::::*
	cpe:2.3:h:commscope:ruckus_e510:-:::::::*
	cpe:2.3:h:commscope:ruckus_h320:-:::::::*
	cpe:2.3:h:commscope:ruckus_h350:-:::::::*
	cpe:2.3:h:commscope:ruckus_h510:-:::::::*
	cpe:2.3:h:commscope:ruckus_h550:-:::::::*
	cpe:2.3:h:commscope:ruckus_m510:-:::::::*
	cpe:2.3:h:commscope:ruckus_m510-jp:-:::::::*
	cpe:2.3:h:commscope:ruckus_r310:-:::::::*
	cpe:2.3:h:commscope:ruckus_r320:-:::::::*
	cpe:2.3:h:commscope:ruckus_r350:-:::::::*
	cpe:2.3:h:commscope:ruckus_r350e:-:::::::*
	cpe:2.3:h:commscope:ruckus_r510:-:::::::*
	cpe:2.3:h:commscope:ruckus_r550:-:::::::*
	cpe:2.3:h:commscope:ruckus_r560:-:::::::*
	cpe:2.3:h:commscope:ruckus_r610:-:::::::*
	cpe:2.3:h:commscope:ruckus_r650:-:::::::*
	cpe:2.3:h:commscope:ruckus_r670:-:::::::*
	cpe:2.3:h:commscope:ruckus_r710:-:::::::*
	cpe:2.3:h:commscope:ruckus_r720:-:::::::*
	cpe:2.3:h:commscope:ruckus_r730:-:::::::*
	cpe:2.3:h:commscope:ruckus_r750:-:::::::*
	cpe:2.3:h:commscope:ruckus_r760:-:::::::*
	cpe:2.3:h:commscope:ruckus_r770:-:::::::*
	cpe:2.3:h:commscope:ruckus_r850:-:::::::*
	cpe:2.3:h:commscope:ruckus_t310c:-:::::::*
	cpe:2.3:h:commscope:ruckus_t310n:-:::::::*
	cpe:2.3:h:commscope:ruckus_t310s:-:::::::*
	cpe:2.3:h:commscope:ruckus_t350c:-:::::::*
	cpe:2.3:h:commscope:ruckus_t350d:-:::::::*
	cpe:2.3:h:commscope:ruckus_t350se:-:::::::*
	cpe:2.3:h:commscope:ruckus_t610:-:::::::*
	cpe:2.3:h:commscope:ruckus_t670:-:::::::*
	cpe:2.3:h:commscope:ruckus_t710:-:::::::*
	cpe:2.3:h:commscope:ruckus_t710s:-:::::::*
	cpe:2.3:h:commscope:ruckus_t750:-:::::::*
	cpe:2.3:h:commscope:ruckus_t750se:-:::::::*
	cpe:2.3:h:commscope:ruckus_t811-cm:-:::::::*
	cpe:2.3:h:commscope:ruckus_t811-cm_\(non-sfp\):-:::::::*
	cpe:2.3:h:commscope:zonedirector_1200:-:::::::*

No data.

References

Link	Providers
https://sector7.computest.nl/post/2025-07-ruckus-unleashed/
https://support.ruckuswireless.com/security_bulletins/330

History

Tue, 05 Aug 2025 17:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Commscope Commscope ruckus C110 Commscope ruckus E510 Commscope ruckus H320 Commscope ruckus H350 Commscope ruckus H510 Commscope ruckus H550 Commscope ruckus M510 Commscope ruckus M510-jp Commscope ruckus R310 Commscope ruckus R320 Commscope ruckus R350 Commscope ruckus R350e Commscope ruckus R510 Commscope ruckus R550 Commscope ruckus R560 Commscope ruckus R610 Commscope ruckus R650 Commscope ruckus R670 Commscope ruckus R710 Commscope ruckus R720 Commscope ruckus R730 Commscope ruckus R750 Commscope ruckus R760 Commscope ruckus R770 Commscope ruckus R850 Commscope ruckus T310c Commscope ruckus T310n Commscope ruckus T310s Commscope ruckus T350c Commscope ruckus T350d Commscope ruckus T350se Commscope ruckus T610 Commscope ruckus T670 Commscope ruckus T710 Commscope ruckus T710s Commscope ruckus T750 Commscope ruckus T750se Commscope ruckus T811-cm Commscope ruckus T811-cm \(non-sfp\) Commscope zonedirector 1200 Ruckuswireless Ruckuswireless ruckus Unleashed Ruckuswireless ruckus Zonedirector
CPEs		cpe:2.3:a:ruckuswireless:ruckus_unleashed:::::::: cpe:2.3:a:ruckuswireless:ruckus_zonedirector:::::::: cpe:2.3:h:commscope:ruckus_c110:-:::::::* cpe:2.3:h:commscope:ruckus_e510:-:::::::* cpe:2.3:h:commscope:ruckus_h320:-:::::::* cpe:2.3:h:commscope:ruckus_h350:-:::::::* cpe:2.3:h:commscope:ruckus_h510:-:::::::* cpe:2.3:h:commscope:ruckus_h550:-:::::::* cpe:2.3:h:commscope:ruckus_m510-jp:-:::::::* cpe:2.3:h:commscope:ruckus_m510:-:::::::* cpe:2.3:h:commscope:ruckus_r310:-:::::::* cpe:2.3:h:commscope:ruckus_r320:-:::::::* cpe:2.3:h:commscope:ruckus_r350:-:::::::* cpe:2.3:h:commscope:ruckus_r350e:-:::::::* cpe:2.3:h:commscope:ruckus_r510:-:::::::* cpe:2.3:h:commscope:ruckus_r550:-:::::::* cpe:2.3:h:commscope:ruckus_r560:-:::::::* cpe:2.3:h:commscope:ruckus_r610:-:::::::* cpe:2.3:h:commscope:ruckus_r650:-:::::::* cpe:2.3:h:commscope:ruckus_r670:-:::::::* cpe:2.3:h:commscope:ruckus_r710:-:::::::* cpe:2.3:h:commscope:ruckus_r720:-:::::::* cpe:2.3:h:commscope:ruckus_r730:-:::::::* cpe:2.3:h:commscope:ruckus_r750:-:::::::* cpe:2.3:h:commscope:ruckus_r760:-:::::::* cpe:2.3:h:commscope:ruckus_r770:-:::::::* cpe:2.3:h:commscope:ruckus_r850:-:::::::* cpe:2.3:h:commscope:ruckus_t310c:-:::::::* cpe:2.3:h:commscope:ruckus_t310n:-:::::::* cpe:2.3:h:commscope:ruckus_t310s:-:::::::* cpe:2.3:h:commscope:ruckus_t350c:-:::::::* cpe:2.3:h:commscope:ruckus_t350d:-:::::::* cpe:2.3:h:commscope:ruckus_t350se:-:::::::* cpe:2.3:h:commscope:ruckus_t610:-:::::::* cpe:2.3:h:commscope:ruckus_t670:-:::::::* cpe:2.3:h:commscope:ruckus_t710:-:::::::* cpe:2.3:h:commscope:ruckus_t710s:-:::::::* cpe:2.3:h:commscope:ruckus_t750:-:::::::* cpe:2.3:h:commscope:ruckus_t750se:-:::::::* cpe:2.3:h:commscope:ruckus_t811-cm:-:::::::* cpe:2.3:h:commscope:ruckus_t811-cm_\(non-sfp\):-:::::::* cpe:2.3:h:commscope:zonedirector_1200:-:::::::*
Vendors & Products		Commscope Commscope ruckus C110 Commscope ruckus E510 Commscope ruckus H320 Commscope ruckus H350 Commscope ruckus H510 Commscope ruckus H550 Commscope ruckus M510 Commscope ruckus M510-jp Commscope ruckus R310 Commscope ruckus R320 Commscope ruckus R350 Commscope ruckus R350e Commscope ruckus R510 Commscope ruckus R550 Commscope ruckus R560 Commscope ruckus R610 Commscope ruckus R650 Commscope ruckus R670 Commscope ruckus R710 Commscope ruckus R720 Commscope ruckus R730 Commscope ruckus R750 Commscope ruckus R760 Commscope ruckus R770 Commscope ruckus R850 Commscope ruckus T310c Commscope ruckus T310n Commscope ruckus T310s Commscope ruckus T350c Commscope ruckus T350d Commscope ruckus T350se Commscope ruckus T610 Commscope ruckus T670 Commscope ruckus T710 Commscope ruckus T710s Commscope ruckus T750 Commscope ruckus T750se Commscope ruckus T811-cm Commscope ruckus T811-cm \(non-sfp\) Commscope zonedirector 1200 Ruckuswireless Ruckuswireless ruckus Unleashed Ruckuswireless ruckus Zonedirector

Wed, 23 Jul 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 22 Jul 2025 17:45:00 +0000

Type	Values Removed	Values Added
Description	An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.12.304, where an authenticated request to the management endpoint `/admin/_cmdstat.jsp` discloses the administrator password in a trivially reversible obfuscated form. The same obfuscation method persists in configuration prior to 200.18.7.1.302, allowing anyone who obtains the system configuration to recover the plaintext credentials.	An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where an authenticated request to the management endpoint `/admin/_cmdstat.jsp` discloses the administrator password in a trivially reversible obfuscated form. The same obfuscation method persists in configuration prior to 200.18.7.1.302, allowing anyone who obtains the system configuration to recover the plaintext credentials.

Tue, 22 Jul 2025 17:30:00 +0000

Type	Values Removed	Values Added
References	http://commscope.com

Tue, 22 Jul 2025 16:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-555
Metrics		cvssV3_1 `{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 21 Jul 2025 14:45:00 +0000

Type	Values Removed	Values Added
Description		An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.12.304, where an authenticated request to the management endpoint `/admin/_cmdstat.jsp` discloses the administrator password in a trivially reversible obfuscated form. The same obfuscation method persists in configuration prior to 200.18.7.1.302, allowing anyone who obtains the system configuration to recover the plaintext credentials.
References		http://commscope.com https://sector7.computest.nl/post/2025-07-ruckus-unleashed/ https://support.ruckuswireless.com/security_bulletins/330

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2025-07-21T00:00:00.000Z

Updated: 2025-07-23T17:19:32.729Z

Reserved: 2025-04-22T00:00:00.000Z

Link: CVE-2025-46119

Vulnrichment

Updated: 2025-07-22T15:56:52.692Z

NVD

Status : Analyzed

Published: 2025-07-21T15:15:28.047

Modified: 2025-08-05T17:18:27.460

Link: CVE-2025-46119

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object