CVE-2021-4474
Received
Received - Intake
Arbitrary File Read in Ruckus AP CLI Exposes Sensitive Data
Vulnerability report for CVE-2021-4474, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-03-26
Last updated on: 2026-03-26
Assigner: VulnCheck
Description
Description
Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line interface that allows authenticated remote attackers with administrative privileges to read arbitrary files from the underlying filesystem. Attackers can exploit this vulnerability to access sensitive information including configuration files, credentials, and system data stored on the device.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ruckus | unleashed | * |
| ruckus | smartzone_100 | * |
| ruckus | smartzone_100-d | * |
| ruckus | smartzone_144 | * |
| ruckus | smartzone_144-dataplane | * |
| ruckus | smartzone_300 | * |
| ruckus | zonedirector_1200 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-552 | The product makes files or directories accessible to unauthorized actors, even though they should not be. |