CVE-2020-26878: OS Command Injection
First published: Mon Oct 26 2020(Updated: )
Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as root user via web.py.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Commscope Ruckus Vriot | <=1.5.1.0.21 | |
| Commscope Ruckus Iot Module |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-26878?
CVE-2020-26878 is a vulnerability affecting Ruckus through 1.5.1.0.21 that allows remote command injection.
How does CVE-2020-26878 work?
CVE-2020-26878 allows an authenticated user to submit a malicious query to the /service/v1/createUser API endpoint, injecting arbitrary commands that will be executed as the root user.
What is the severity of CVE-2020-26878?
CVE-2020-26878 has a severity rating of 8.8 (critical).
How can I fix CVE-2020-26878?
To fix CVE-2020-26878, Commscope Ruckus Vriot users should upgrade to a version beyond 1.5.1.0.21.
Are Commscope Ruckus Iot Module users affected by CVE-2020-26878?
No, Commscope Ruckus Iot Module users are not affected by CVE-2020-26878.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/commscope
- canonical/commscope ruckus vriot
- version/commscope ruckus vriot/1.5.1.0.21
- canonical/commscope ruckus iot module