CVE-2025-46123 Information
Jul 22, 2025
cve
Description
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279 where the authenticated configuration endpoint /admin/_conf.jsp writes the Wi-Fi guest password to memory with snprintf using the attacker-supplied value as the format string; a crafted password therefore triggers uncontrolled format-string processing and enables remote code execution on the controller.
Reference
http://commscope.com https://sector7.computest.nl/post/2025-07-ruckus-unleashed/ https://support.ruckuswireless.com/security_bulletins/330
Related CNNVD
CNNVD-202507-2658 (Published: 2025-07-21)
Share on: