CVE-2025-46119

21.07.2025, 15:15

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where an authenticated request to the management endpoint `/admin/_cmdstat.jsp` discloses the administrator password in a trivially reversible obfuscated form. The same obfuscation method persists in configuration prior to 200.18.7.1.302, allowing anyone who obtains the system configuration to recover the plaintext credentials.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
mitre	CNA	---				---
CISA-ADP	ADP	6.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 12%

Vendor	Product	Version
ruckuswireless	ruckus_unleashed	𝑥 < 200.15.6.212.14
ruckuswireless	ruckus_unleashed	200.17 ≤ 𝑥 < 200.17.7.0.139
ruckuswireless	ruckus_zonedirector	𝑥 < 10.5.1.0.279

𝑥

= Vulnerable software versions

Known Exploits!

https://sector7.computest.nl/post/2025-07-ruckus-unleashed/

Common Weakness Enumeration

CWE-555 - J2EE Misconfiguration: Plaintext Password in Configuration File
The J2EE application stores a plaintext password in a configuration file.

References

https://sector7.computest.nl/post/2025-07-ruckus-unleashed/

https://support.ruckuswireless.com/security_bulletins/330