CVE-2025-46119
BaseFortify
Publication date: 2025-07-21
Last updated on: 2025-08-05
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ruckuswireless | ruckus_unleashed | to 200.15.6.212.14 (exc) |
| ruckuswireless | ruckus_unleashed | From 200.17 (inc) to 200.17.7.0.139 (exc) |
| ruckuswireless | ruckus_zonedirector | to 10.5.1.0.279 (exc) |
| commscope | ruckus_c110 | * |
| commscope | ruckus_e510 | * |
| commscope | ruckus_h320 | * |
| commscope | ruckus_h350 | * |
| commscope | ruckus_h510 | * |
| commscope | ruckus_h550 | * |
| commscope | ruckus_m510 | * |
| commscope | ruckus_m510-jp | * |
| commscope | ruckus_r310 | * |
| commscope | ruckus_r320 | * |
| commscope | ruckus_r350 | * |
| commscope | ruckus_r350e | * |
| commscope | ruckus_r510 | * |
| commscope | ruckus_r550 | * |
| commscope | ruckus_r560 | * |
| commscope | ruckus_r610 | * |
| commscope | ruckus_r650 | * |
| commscope | ruckus_r670 | * |
| commscope | ruckus_r710 | * |
| commscope | ruckus_r720 | * |
| commscope | ruckus_r730 | * |
| commscope | ruckus_r750 | * |
| commscope | ruckus_r760 | * |
| commscope | ruckus_r770 | * |
| commscope | ruckus_r850 | * |
| commscope | ruckus_t310c | * |
| commscope | ruckus_t310n | * |
| commscope | ruckus_t310s | * |
| commscope | ruckus_t350c | * |
| commscope | ruckus_t350d | * |
| commscope | ruckus_t350se | * |
| commscope | ruckus_t610 | * |
| commscope | ruckus_t670 | * |
| commscope | ruckus_t710 | * |
| commscope | ruckus_t710s | * |
| commscope | ruckus_t750 | * |
| commscope | ruckus_t750se | * |
| commscope | ruckus_t811-cm | * |
| commscope | ruckus_t811-cm_(non-sfp) | * |
| commscope | zonedirector_1200 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-555 | The J2EE application stores a plaintext password in a configuration file. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in CommScope Ruckus Unleashed prior to version 200.15.6.12.304 allows an authenticated user to access the management endpoint `/admin/_cmdstat.jsp` and obtain the administrator password in a form that is obfuscated but can be easily reversed to reveal the plaintext password. Additionally, in versions prior to 200.18.7.1.302, the same weak obfuscation method is used in the system configuration, meaning anyone who obtains the configuration file can recover the administrator's plaintext credentials.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized access to the administrator account if an attacker is able to authenticate or obtain the system configuration. Since the administrator password can be easily recovered from the obfuscated form, it compromises the security of the device, potentially allowing attackers to take control of the system, change configurations, or disrupt network operations.