Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-46116

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command `!v54!` via a management API call and then invoke it to escape the restricted shell and obtain a root shell on the controller.

Published

2025-07-21T15:15:27.690

Last Modified

2025-08-05T17:17:40.227

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Secondary
CWE-250
CWE-269

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ruckuswireless	ruckus_unleashed	< 200.15.6.212.14	Yes
Application	ruckuswireless	ruckus_unleashed	< 200.17.7.0.139	Yes
Application	ruckuswireless	ruckus_zonedirector	< 10.5.1.0.279	Yes
Hardware	commscope	ruckus_c110	-	No
Hardware	commscope	ruckus_e510	-	No
Hardware	commscope	ruckus_h320	-	No
Hardware	commscope	ruckus_h350	-	No
Hardware	commscope	ruckus_h510	-	No
Hardware	commscope	ruckus_h550	-	No
Hardware	commscope	ruckus_m510	-	No
Hardware	commscope	ruckus_m510-jp	-	No
Hardware	commscope	ruckus_r310	-	No
Hardware	commscope	ruckus_r320	-	No
Hardware	commscope	ruckus_r350	-	No
Hardware	commscope	ruckus_r350e	-	No
Hardware	commscope	ruckus_r510	-	No
Hardware	commscope	ruckus_r550	-	No
Hardware	commscope	ruckus_r560	-	No
Hardware	commscope	ruckus_r610	-	No
Hardware	commscope	ruckus_r650	-	No
Hardware	commscope	ruckus_r670	-	No
Hardware	commscope	ruckus_r710	-	No
Hardware	commscope	ruckus_r720	-	No
Hardware	commscope	ruckus_r730	-	No
Hardware	commscope	ruckus_r750	-	No
Hardware	commscope	ruckus_r760	-	No
Hardware	commscope	ruckus_r770	-	No
Hardware	commscope	ruckus_r850	-	No
Hardware	commscope	ruckus_t310c	-	No
Hardware	commscope	ruckus_t310n	-	No
Hardware	commscope	ruckus_t310s	-	No
Hardware	commscope	ruckus_t350c	-	No
Hardware	commscope	ruckus_t350d	-	No
Hardware	commscope	ruckus_t350se	-	No
Hardware	commscope	ruckus_t610	-	No
Hardware	commscope	ruckus_t670	-	No
Hardware	commscope	ruckus_t710	-	No
Hardware	commscope	ruckus_t710s	-	No
Hardware	commscope	ruckus_t750	-	No
Hardware	commscope	ruckus_t750se	-	No
Hardware	commscope	ruckus_t811-cm	-	No
Hardware	commscope	ruckus_t811-cm_\(non-sfp\)	-	No
Hardware	commscope	zonedirector_1200	-	No

References

https://sector7.computest.nl/post/2025-07-ruckus-unleashed/ Exploit, Third Party Advisory ([email protected])
https://support.ruckuswireless.com/security_bulletins/330 Product ([email protected])