CVE-2021-4474
6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line interface that allows authenticated remote attackers with administrative privileges to read arbitrary files from the underlying filesystem. Attackers can exploit this vulnerability to access sensitive information including configuration files, credentials, and system data stored on the device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Ruckus Wireless | RUCKUS Access Point | 0 | affected |
| Ruckus | RUCKUS Unleashed | 0 | affected |
| Ruckus | SmartZone 100 (SZ-100) (EOL) | 0 | affected |
| Ruckus | SmartZone 100-D (SZ100-D) (EOL) | 0 | affected |
| Ruckus | SmartZone 144 (SZ-144) | 0 | affected |
| Ruckus | SmartZone 144-Dataplane (SZ144-D) | 0 | affected |
| Ruckus | SmartZone 300 (SZ300) (EOL) | 0 | affected |
| Ruckus | ZoneDirector 1200 (EOL) | 0 | affected |
Weaknesses
- CWE-552: CWE-552 Files or Directories Accessible to External Parties
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://support.ruckuswireless.com/security_bulletins/306
- https://www.vulncheck.com/advisories/ruckus-ap-cli-arbitrary-file-read-allows-authenticated-remote-file-access
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.