Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2025-46121
Analyzed
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-21 Jul, 2025 | 15:15
Updated At-05 Aug, 2025 | 17:18

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the functions `stamgr_cfg_adpt_addStaFavourite` and `stamgr_cfg_adpt_addStaIot` pass a client hostname directly to snprintf as the format string. A remote attacker can exploit this flaw either by sending a crafted request to the authenticated endpoint `/admin/_conf.jsp`, or without authentication and without direct network access to the controller by spoofing the MAC address of a favourite station and embedding malicious format specifiers in the DHCP hostname field, resulting in unauthenticated format-string processing and arbitrary code execution on the controller.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
ruckuswireless
ruckuswireless
>>ruckus_unleashed>>Versions before 200.15.6.212.14(exclusive)
cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*
ruckuswireless
ruckuswireless
>>ruckus_unleashed>>Versions from 200.17(inclusive) to 200.17.7.0.139(exclusive)
cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*
ruckuswireless
ruckuswireless
>>ruckus_zonedirector>>Versions before 10.5.1.0.279(exclusive)
cpe:2.3:a:ruckuswireless:ruckus_zonedirector:*:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_c110>>-
cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_e510>>-
cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_h320>>-
cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_h350>>-
cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_h510>>-
cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_h550>>-
cpe:2.3:h:commscope:ruckus_h550:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_m510>>-
cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_m510-jp>>-
cpe:2.3:h:commscope:ruckus_m510-jp:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r310>>-
cpe:2.3:h:commscope:ruckus_r310:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r320>>-
cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r350>>-
cpe:2.3:h:commscope:ruckus_r350:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r350e>>-
cpe:2.3:h:commscope:ruckus_r350e:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r510>>-
cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r550>>-
cpe:2.3:h:commscope:ruckus_r550:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r560>>-
cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r610>>-
cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r650>>-
cpe:2.3:h:commscope:ruckus_r650:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r670>>-
cpe:2.3:h:commscope:ruckus_r670:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r710>>-
cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r720>>-
cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r730>>-
cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r750>>-
cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r760>>-
cpe:2.3:h:commscope:ruckus_r760:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r770>>-
cpe:2.3:h:commscope:ruckus_r770:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r850>>-
cpe:2.3:h:commscope:ruckus_r850:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t310c>>-
cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t310n>>-
cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t310s>>-
cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t350c>>-
cpe:2.3:h:commscope:ruckus_t350c:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t350d>>-
cpe:2.3:h:commscope:ruckus_t350d:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t350se>>-
cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t610>>-
cpe:2.3:h:commscope:ruckus_t610:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t670>>-
cpe:2.3:h:commscope:ruckus_t670:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t710>>-
cpe:2.3:h:commscope:ruckus_t710:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t710s>>-
cpe:2.3:h:commscope:ruckus_t710s:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t750>>-
cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t750se>>-
cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t811-cm>>-
cpe:2.3:h:commscope:ruckus_t811-cm:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t811-cm_\(non-sfp\)>>-
cpe:2.3:h:commscope:ruckus_t811-cm_\(non-sfp\):-:*:*:*:*:*:*:*
commscope
commscope
>>zonedirector_1200>>-
cpe:2.3:h:commscope:zonedirector_1200:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-134Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://sector7.computest.nl/post/2025-07-ruckus-unleashed/cve@mitre.org
Exploit
Third Party Advisory
https://support.ruckuswireless.com/security_bulletins/330cve@mitre.org
Product
Change History
0Changes found
Details not found