Emre SUREN

4 exploits Active since Oct 2020
CVE-2020-26878 NOMISEC HIGH WORKING POC
Ruckus <1.5.1.0.21 - Command Injection
Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as root user via web.py.
CVSS 8.8
CVE-2020-26879 VULNCHECK_XDB CRITICAL WORKING POC
Ruckus vRioT <= 1.5.1.0.21 - Unauthenticated API Backdoor via Hardcoded Authorization Header
Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header.
CVSS 9.8
CVE-2020-26878 VULNCHECK_XDB HIGH WORKING POC
Ruckus <1.5.1.0.21 - Command Injection
Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as root user via web.py.
CVSS 8.8
EIP-2026-101963 EXPLOITDB python WORKING POC
Ruckus IoT Controller (Ruckus vRIoT) 1.5.1.0.21 - Remote Code Execution