ГлавнаяУязвимости → CVE-2025-44961
9.9критическая

CVE-2025-44961

Описание

In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user.

Затрагиваемое ПО
Commscope Ruckus smartzone firmwareCommscope Ruckus virtual smartzoneCommscope Ruckus virtual smartzone-federalCommscope Ruckus c110Commscope Ruckus e510Commscope Ruckus h320Commscope Ruckus h350Commscope Ruckus h510Commscope Ruckus m510Commscope Ruckus r320Commscope Ruckus r510Commscope Ruckus r560Commscope Ruckus r610Commscope Ruckus r710Commscope Ruckus r720Commscope Ruckus r730Commscope Ruckus r750Commscope Ruckus smartzone 100Commscope Ruckus smartzone 100-dCommscope Ruckus smartzone 144Commscope Ruckus smartzone 144-federalCommscope Ruckus smartzone 300Commscope Ruckus smartzone 300-federalCommscope Ruckus t310cCommscope Ruckus t310d
CVSS
Балл9.9 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Источники
https://claroty.com/team82/disclosure-dashboard/cve-2025-44961https://kb.cert.org/vuls/id/613753https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+20250710/225f44ac3bd311f095821adcaa92e24ehttps://www.kb.cert.org/vuls/id/613753