Main Vulnerability Database Vulnerabilities #VU53642

#VU53642 Use of hard-coded credentials in Ruckus IoT Controller - CVE-2021-33216

Published: May 28, 2021

Vulnerability identifier: #VU53642

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-33216

CWE-ID: CWE-798

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Ruckus IoT Controller

Software vendor:
CommScope

Description

The vulnerability allows a remote attacker to gain full access to vulnerable system.

The vulnerability exists due to presence of hard-coded credentials for an upgrade account. A remote unauthenticated attacker can gain access to the controller via Secure Copy (SCP).

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

External links

https://www.commscope.com/globalassets/digizuite/917216-faq-security-advisory-id-20210525-v1-0.pdf

#VU53642 Use of hard-coded credentials in Ruckus IoT Controller - CVE-2021-33216

Description

Remediation

External links

Please verify you're human