Commscope: community verdicts
3 notable / known-exploited Commscope CVEs the community has triaged.
- CVE-2023-25717CRIT 9.8KEVEPSS 95%
Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.
- CVE-2022-45701HIGH 8.8EPSS 45%
Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature.
- CVE-2023-45992CRIT 9.6Real · low riskEPSS 1%
A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system.