Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers.
A product requires authentication, but the product has an alternate path or channel that does not require authentication.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ruckus_smartzone_firmware | Commscope | * | 6.1.2 (excluding) |
Ruckus_smartzone_firmware | Commscope | 6.1.2 (including) | 6.1.2 (including) |
Ruckus_smartzone_firmware | Commscope | 6.1.2-p2 (including) | 6.1.2-p2 (including) |
Ruckus_smartzone_firmware | Commscope | 6.1.2-p3 (including) | 6.1.2-p3 (including) |
Ruckus_smartzone_firmware | Commscope | 7.0.0 (including) | 7.0.0 (including) |
Ruckus_smartzone_firmware | Commscope | 7.1.0 (including) | 7.1.0 (including) |