CVE-2025-46123
BaseFortify
Publication date: 2025-07-21
Last updated on: 2025-08-05
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ruckuswireless | ruckus_unleashed | to 200.15.6.212.14 (exc) |
| ruckuswireless | ruckus_unleashed | From 200.17 (inc) to 200.17.7.0.139 (exc) |
| ruckuswireless | ruckus_zonedirector | to 10.5.1.0.279 (exc) |
| commscope | ruckus_c110 | * |
| commscope | ruckus_e510 | * |
| commscope | ruckus_h320 | * |
| commscope | ruckus_h350 | * |
| commscope | ruckus_h510 | * |
| commscope | ruckus_h550 | * |
| commscope | ruckus_m510 | * |
| commscope | ruckus_m510-jp | * |
| commscope | ruckus_r310 | * |
| commscope | ruckus_r320 | * |
| commscope | ruckus_r350 | * |
| commscope | ruckus_r350e | * |
| commscope | ruckus_r510 | * |
| commscope | ruckus_r550 | * |
| commscope | ruckus_r560 | * |
| commscope | ruckus_r610 | * |
| commscope | ruckus_r650 | * |
| commscope | ruckus_r670 | * |
| commscope | ruckus_r710 | * |
| commscope | ruckus_r720 | * |
| commscope | ruckus_r730 | * |
| commscope | ruckus_r750 | * |
| commscope | ruckus_r760 | * |
| commscope | ruckus_r770 | * |
| commscope | ruckus_r850 | * |
| commscope | ruckus_t310c | * |
| commscope | ruckus_t310n | * |
| commscope | ruckus_t310s | * |
| commscope | ruckus_t350c | * |
| commscope | ruckus_t350d | * |
| commscope | ruckus_t350se | * |
| commscope | ruckus_t610 | * |
| commscope | ruckus_t670 | * |
| commscope | ruckus_t710 | * |
| commscope | ruckus_t710s | * |
| commscope | ruckus_t750 | * |
| commscope | ruckus_t750se | * |
| commscope | ruckus_t811-cm | * |
| commscope | ruckus_t811-cm_\(non-sfp\) | * |
| commscope | zonedirector_1200 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-134 | The product uses a function that accepts a format string as an argument, but the format string originates from an external source. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in CommScope Ruckus Unleashed and Ruckus ZoneDirector products where the authenticated configuration endpoint `/admin/_conf.jsp` improperly handles the Wi-Fi guest password. Specifically, it writes the password to memory using snprintf with the attacker-supplied password as the format string. This allows an attacker to craft a password that triggers uncontrolled format-string processing, which can lead to remote code execution on the controller.
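The CWE-134 pattern described above, next to its fix, as an added example that is not code from the vendor or from this page. The function names, the buffer size and the sample passwords are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define GUEST_PASS_MAX 64  /* assumed buffer size, not from the advisory */

/* CWE-134 pattern described above, shown only as a comment:
 *     snprintf(dst, dst_len, password);   // password becomes the format
 * Every '%' sequence in the password would then be interpreted. */

/* Hardened form: the format is a constant and the password is data.
 * Returns 0 on success, -1 on bad arguments or if it would not fit. */
int store_guest_password(char *dst, size_t dst_len, const char *password)
{
    if (dst == NULL || password == NULL || dst_len == 0)
        return -1;
    int n = snprintf(dst, dst_len, "%s", password);
    if (n < 0 || (size_t)n >= dst_len) {
        dst[0] = '\0';          /* reject rather than keep a truncated secret */
        return -1;
    }
    return 0;
}

/* Audit helper (hypothetical): counts printf conversion introducers, i.e.
 * '%' not followed by another '%'. A non-zero count flags a configured
 * guest password for review; it does not prove malicious intent. */
size_t count_format_directives(const char *s)
{
    size_t count = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%')
            continue;
        if (s[i + 1] == '%') { i++; continue; }  /* literal percent */
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed sample inputs, not taken from any real device. */
    const char *samples[] = { "Summer2025!", "100%%sure", "a%sb%nc" };
    char buf[GUEST_PASS_MAX];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = store_guest_password(buf, sizeof buf, samples[i]);
        printf("rc=%d stored=\"%s\" directives=%zu\n", rc, buf,
               count_format_directives(samples[i]));
    }
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` makes GCC and Clang warn on a non-literal format string with no arguments, which is the pattern shown in the comment.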
How can this vulnerability impact me?
The vulnerability can allow an attacker to execute arbitrary code remotely on the affected controller by exploiting the format-string processing flaw. This could lead to full compromise of the device, unauthorized access, disruption of network services, or further attacks within the network environment.