CVE-2025-46116

CVE Database · CVE-2025-46116

CVE-2025-46116

· HIGHAnalyzed

CVSS v3.1

8.8

EPSS

0.46%

Published

Jul 21, 2025

Modified

Aug 5, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command `!v54!` via a management API call and then invoke it to escape the restricted shell and obtain a root shell on the controller.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-250CWE-269

Affected Products (43)

ruckuswireless · ruckus_unleashed (up to 200.15.6.212.14)vulnerable

ruckuswireless · ruckus_unleashed (up to 200.17.7.0.139)vulnerable

ruckuswireless · ruckus_zonedirector (up to 10.5.1.0.279)vulnerable

commscope · ruckus_c110

commscope · ruckus_e510

commscope · ruckus_h320

commscope · ruckus_h350

commscope · ruckus_h510

commscope · ruckus_h550

commscope · ruckus_m510

commscope · ruckus_m510-jp

References (2)

https://sector7.computest.nl/post/2025-07-ruckus-unleashed/

ExploitThird Party Advisory

https://support.ruckuswireless.com/security_bulletins/330

Product

KEV Catalog EPSS Scores Vendors All CVEs