First published: Mon Oct 26 2020(Updated: )
Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Commscope Ruckus Vriot | <=1.5.1.0.21 | |
Commscope Ruckus Iot Module |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-26879 is a vulnerability in Ruckus vRioT through 1.5.1.0.21 that allows unauthenticated attackers to interact with the service API using a backdoor value as the Authorization header.
CVE-2020-26879 has a severity rating of 9.8 (Critical).
An attacker can exploit CVE-2020-26879 by sending requests to the service API with a backdoor value as the Authorization header.
The affected software for CVE-2020-26879 is Ruckus vRioT version 1.5.1.0.21.
No, Commscope Ruckus Iot Module is not affected by CVE-2020-26879.