CVE-2025-46121
BaseFortify
Publication date: 2025-07-21
Last updated on: 2025-08-05
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ruckuswireless | ruckus_unleashed | to 200.15.6.212.14 (exc) |
| ruckuswireless | ruckus_unleashed | From 200.17 (inc) to 200.17.7.0.139 (exc) |
| ruckuswireless | ruckus_zonedirector | to 10.5.1.0.279 (exc) |
| commscope | ruckus_c110 | * |
| commscope | ruckus_e510 | * |
| commscope | ruckus_h320 | * |
| commscope | ruckus_h350 | * |
| commscope | ruckus_h510 | * |
| commscope | ruckus_h550 | * |
| commscope | ruckus_m510 | * |
| commscope | ruckus_m510-jp | * |
| commscope | ruckus_r310 | * |
| commscope | ruckus_r320 | * |
| commscope | ruckus_r350 | * |
| commscope | ruckus_r350e | * |
| commscope | ruckus_r510 | * |
| commscope | ruckus_r550 | * |
| commscope | ruckus_r560 | * |
| commscope | ruckus_r610 | * |
| commscope | ruckus_r650 | * |
| commscope | ruckus_r670 | * |
| commscope | ruckus_r710 | * |
| commscope | ruckus_r720 | * |
| commscope | ruckus_r730 | * |
| commscope | ruckus_r750 | * |
| commscope | ruckus_r760 | * |
| commscope | ruckus_r770 | * |
| commscope | ruckus_r850 | * |
| commscope | ruckus_t310c | * |
| commscope | ruckus_t310n | * |
| commscope | ruckus_t310s | * |
| commscope | ruckus_t350c | * |
| commscope | ruckus_t350d | * |
| commscope | ruckus_t350se | * |
| commscope | ruckus_t610 | * |
| commscope | ruckus_t670 | * |
| commscope | ruckus_t710 | * |
| commscope | ruckus_t710s | * |
| commscope | ruckus_t750 | * |
| commscope | ruckus_t750se | * |
| commscope | ruckus_t811-cm | * |
| commscope | ruckus_t811-cm_\(non-sfp\) | * |
| commscope | zonedirector_1200 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-134 | The product uses a function that accepts a format string as an argument, but the format string originates from an external source. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in CommScope Ruckus Unleashed prior to versions 200.15.6.212.14 and 200.17.7.0.139. The functions stamgr_cfg_adpt_addStaFavourite and stamgr_cfg_adpt_addStaIot improperly use a client hostname directly as a format string in snprintf. An attacker can exploit this by sending a crafted request to an authenticated endpoint or by spoofing a MAC address and embedding malicious format specifiers in the DHCP hostname field, leading to unauthenticated format-string processing and arbitrary code execution on the controller.
How can this vulnerability impact me? :
This vulnerability can allow a remote attacker to execute arbitrary code on the affected controller without authentication, potentially leading to full compromise of the device, unauthorized control, data theft, or disruption of network services.