CVE-2025-46118
BaseFortify
Publication date: 2025-07-21
Last updated on: 2025-08-05
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ruckuswireless | ruckus_unleashed | to 200.15.6.212.14 (exc) |
| ruckuswireless | ruckus_unleashed | From 200.17 (inc) to 200.17.7.0.139 (exc) |
| ruckuswireless | ruckus_zonedirector | to 10.5.1.0.279 (exc) |
| commscope | ruckus_c110 | * |
| commscope | ruckus_e510 | * |
| commscope | ruckus_h320 | * |
| commscope | ruckus_h350 | * |
| commscope | ruckus_h510 | * |
| commscope | ruckus_h550 | * |
| commscope | ruckus_m510 | * |
| commscope | ruckus_m510-jp | * |
| commscope | ruckus_r310 | * |
| commscope | ruckus_r320 | * |
| commscope | ruckus_r350 | * |
| commscope | ruckus_r350e | * |
| commscope | ruckus_r510 | * |
| commscope | ruckus_r550 | * |
| commscope | ruckus_r560 | * |
| commscope | ruckus_r610 | * |
| commscope | ruckus_r650 | * |
| commscope | ruckus_r670 | * |
| commscope | ruckus_r710 | * |
| commscope | ruckus_r720 | * |
| commscope | ruckus_r730 | * |
| commscope | ruckus_r750 | * |
| commscope | ruckus_r760 | * |
| commscope | ruckus_r770 | * |
| commscope | ruckus_r850 | * |
| commscope | ruckus_t310c | * |
| commscope | ruckus_t310n | * |
| commscope | ruckus_t310s | * |
| commscope | ruckus_t350c | * |
| commscope | ruckus_t350d | * |
| commscope | ruckus_t350se | * |
| commscope | ruckus_t610 | * |
| commscope | ruckus_t670 | * |
| commscope | ruckus_t710 | * |
| commscope | ruckus_t710s | * |
| commscope | ruckus_t750 | * |
| commscope | ruckus_t750se | * |
| commscope | ruckus_t811-cm | * |
| commscope | ruckus_t811-cm_\(non-sfp\) | * |
| commscope | zonedirector_1200 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-46118 is a vulnerability in CommScope Ruckus Unleashed and ZoneDirector devices where the FTP service uses hard-coded credentials for the 'ftpuser' account. This fixed password allows remote attackers to access the FTP service and upload or retrieve arbitrary files from writable firmware directories on the controller. This can expose sensitive information or allow attackers to compromise the device by placing malicious files. [1]
How can this vulnerability impact me? :
This vulnerability allows a remote attacker to gain unauthorized FTP access to the device, enabling them to upload or download arbitrary files in writable firmware directories. This can lead to exposure of sensitive information, compromise of the device's integrity, and potentially allow further exploitation such as remote code execution or root shell access when chained with other vulnerabilities. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to connect to the FTP service on the affected Ruckus Unleashed or ZoneDirector controllers using the hard-coded credentials: username 'ftpuser' and password 'Rks@zdap1234'. For example, you can use the command: `ftp ftpuser@<controller_ip>` and then enter the password 'Rks@zdap1234'. If access is granted, the system is vulnerable. Additionally, checking for the presence of writable firmware directories such as '/etc/airespider-images/firmwares' accessible via FTP can indicate vulnerability. Network scanning tools can also be used to detect FTP services running on these devices. No specific commands beyond standard FTP client usage are provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the official patches released by CommScope for Ruckus Unleashed and ZoneDirector firmware. Specifically, update to at least firmware versions Unleashed 200.15.6.212.27 or 200.18.7.1.323 and ZoneDirector 10.5.1.0.282 or later. After patching, revoke and regenerate any SSL certificates to mitigate private key exposure risks. Additionally, restrict network access to management interfaces and FTP services where possible, and monitor for unauthorized FTP access attempts. Following these steps will remediate the vulnerability and reduce the risk of exploitation. [1, 2]