CVE-2025-46116

HIGH EPSS 38.1%
Published Jul 21, 202511mo ago · Modified Jun 17, 20262w ago
8.8 CVSS 3.1
High
Find Similar
Published Jul 21, 2025 11mo ago
Last Modified Jun 17, 2026 2w ago

Description

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command `!v54!` via a management API call and then invoke it to escape the restricted shell and obtain a root shell on the controller.

CVSS Details

Base Score
8.8
Exploitability
2.8
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
38.1% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 2

CWE-250
CWE-269 Improper Privilege Management Authorization

Affected Products 43

VendorProductVersionRange
ruckuswirelessruckus_unleashed* <200.15.6.212.14
ruckuswirelessruckus_unleashed*≥200.17  –  <200.17.7.0.139
ruckuswirelessruckus_zonedirector* <10.5.1.0.279
commscoperuckus_c110*any
commscoperuckus_e510*any
commscoperuckus_h320*any
commscoperuckus_h350*any
commscoperuckus_h510*any
commscoperuckus_h550*any
commscoperuckus_m510*any
commscoperuckus_m510-jp*any
commscoperuckus_r310*any
commscoperuckus_r320*any
commscoperuckus_r350*any
commscoperuckus_r350e*any
commscoperuckus_r510*any
commscoperuckus_r550*any
commscoperuckus_r560*any
commscoperuckus_r610*any
commscoperuckus_r650*any
commscoperuckus_r670*any
commscoperuckus_r710*any
commscoperuckus_r720*any
commscoperuckus_r730*any
commscoperuckus_r750*any
commscoperuckus_r760*any
commscoperuckus_r770*any
commscoperuckus_r850*any
commscoperuckus_t310c*any
commscoperuckus_t310n*any
commscoperuckus_t310s*any
commscoperuckus_t350c*any
commscoperuckus_t350d*any
commscoperuckus_t350se*any
commscoperuckus_t610*any
commscoperuckus_t670*any
commscoperuckus_t710*any
commscoperuckus_t710s*any
commscoperuckus_t750*any
commscoperuckus_t750se*any
commscoperuckus_t811-cm*any
commscoperuckus_t811-cm_\(non-sfp\)*any
commscopezonedirector_1200*any

References 2

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.