CVE-2021-4474

Summary

Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line interface that allows authenticated remote attackers with administrative privileges to read arbitrary files from the underlying filesystem. Attackers can exploit this vulnerability to access sensitive information including configuration files, credentials, and system data stored on the device.

Affected Software

VendorProductVersion RangeStatus
Ruckus WirelessRUCKUS Access Point0affected
RuckusRUCKUS Unleashed0affected
RuckusSmartZone 100 (SZ-100) (EOL)0affected
RuckusSmartZone 100-D (SZ100-D) (EOL)0affected
RuckusSmartZone 144 (SZ-144)0affected
RuckusSmartZone 144-Dataplane (SZ144-D)0affected
RuckusSmartZone 300 (SZ300) (EOL)0affected
RuckusZoneDirector 1200 (EOL)0affected

Weaknesses

  • CWE-552: CWE-552 Files or Directories Accessible to External Parties

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References