First published: Mon Oct 26 2020
Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as the root user via web.py.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Commscope Ruckus Vriot | <=1.5.1.0.21 | |
Commscope Ruckus Iot Module | | |
CVE-2020-26878 is a vulnerability affecting Ruckus through 1.5.1.0.21 that allows remote command injection.
CVE-2020-26878 allows an authenticated user to submit a malicious query to the /service/v1/createUser API endpoint, injecting arbitrary commands that will be executed as the root user.
CVE-2020-26878 has a severity rating of 8.8 (critical).
To fix CVE-2020-26878, Commscope Ruckus Vriot users should upgrade to a version beyond 1.5.1.0.21.
Commscope Ruckus Iot Module users are not affected by CVE-2020-26878.