Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-46119

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where an authenticated request to the management endpoint `/admin/_cmdstat.jsp` discloses the administrator password in a trivially reversible obfuscated form. The same obfuscation method persists in configuration prior to 200.18.7.1.302, allowing anyone who obtains the system configuration to recover the plaintext credentials.

Published

2025-07-21T15:15:28.047

Last Modified

2025-08-05T17:18:27.460

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-555

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ruckuswireless	ruckus_unleashed	< 200.15.6.212.14	Yes
Application	ruckuswireless	ruckus_unleashed	< 200.17.7.0.139	Yes
Application	ruckuswireless	ruckus_zonedirector	< 10.5.1.0.279	Yes
Hardware	commscope	ruckus_c110	-	No
Hardware	commscope	ruckus_e510	-	No
Hardware	commscope	ruckus_h320	-	No
Hardware	commscope	ruckus_h350	-	No
Hardware	commscope	ruckus_h510	-	No
Hardware	commscope	ruckus_h550	-	No
Hardware	commscope	ruckus_m510	-	No
Hardware	commscope	ruckus_m510-jp	-	No
Hardware	commscope	ruckus_r310	-	No
Hardware	commscope	ruckus_r320	-	No
Hardware	commscope	ruckus_r350	-	No
Hardware	commscope	ruckus_r350e	-	No
Hardware	commscope	ruckus_r510	-	No
Hardware	commscope	ruckus_r550	-	No
Hardware	commscope	ruckus_r560	-	No
Hardware	commscope	ruckus_r610	-	No
Hardware	commscope	ruckus_r650	-	No
Hardware	commscope	ruckus_r670	-	No
Hardware	commscope	ruckus_r710	-	No
Hardware	commscope	ruckus_r720	-	No
Hardware	commscope	ruckus_r730	-	No
Hardware	commscope	ruckus_r750	-	No
Hardware	commscope	ruckus_r760	-	No
Hardware	commscope	ruckus_r770	-	No
Hardware	commscope	ruckus_r850	-	No
Hardware	commscope	ruckus_t310c	-	No
Hardware	commscope	ruckus_t310n	-	No
Hardware	commscope	ruckus_t310s	-	No
Hardware	commscope	ruckus_t350c	-	No
Hardware	commscope	ruckus_t350d	-	No
Hardware	commscope	ruckus_t350se	-	No
Hardware	commscope	ruckus_t610	-	No
Hardware	commscope	ruckus_t670	-	No
Hardware	commscope	ruckus_t710	-	No
Hardware	commscope	ruckus_t710s	-	No
Hardware	commscope	ruckus_t750	-	No
Hardware	commscope	ruckus_t750se	-	No
Hardware	commscope	ruckus_t811-cm	-	No
Hardware	commscope	ruckus_t811-cm_\(non-sfp\)	-	No
Hardware	commscope	zonedirector_1200	-	No

References

https://sector7.computest.nl/post/2025-07-ruckus-unleashed/ Exploit, Third Party Advisory ([email protected])
https://support.ruckuswireless.com/security_bulletins/330 Product ([email protected])