Filtered by vendor Commscope Subscriptions
Filtered by product Ruckus Iot Module Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-26879 1 Commscope 2 Ruckus Iot Module, Ruckus Vriot 2024-11-21 9.8 Critical
Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header.
CVE-2020-26878 1 Commscope 2 Ruckus Iot Module, Ruckus Vriot 2024-11-21 8.8 High
Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as root user via web.py.