Vulnerability Description
Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Commscope | Ruckus Vriot | <= 1.5.1.0.21 |
| Commscope | Ruckus Iot Module | - |
Related Weaknesses (CWE)
References
- https://adepts.of0x.ccThird Party Advisory
- https://adepts.of0x.cc/ruckus-vriot-rce/ExploitThird Party Advisory
- https://support.ruckuswireless.com/documentsVendor Advisory
- https://support.ruckuswireless.com/security_bulletins/305ProductVendor Advisory
- https://twitter.com/TheXC3LLThird Party Advisory
- https://x-c3ll.github.ioThird Party Advisory
- https://adepts.of0x.ccThird Party Advisory
- https://adepts.of0x.cc/ruckus-vriot-rce/ExploitThird Party Advisory
- https://support.ruckuswireless.com/documentsVendor Advisory
- https://support.ruckuswireless.com/security_bulletins/305ProductVendor Advisory
- https://twitter.com/TheXC3LLThird Party Advisory
- https://x-c3ll.github.ioThird Party Advisory
FAQ
What is CVE-2020-26879?
CVE-2020-26879 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorizati...
How severe is CVE-2020-26879?
CVE-2020-26879 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-26879?
Check the references section above for vendor advisories and patch information. Affected products include: Commscope Ruckus Vriot, Commscope Ruckus Iot Module.