E20-a4xq1
CVSS:
9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
False Positive:
t
Variants:
1
Year:
2020
Description
An OS command injection vulnerability exists in Ruckus IoT Controller 1.5.1.0.21 and prior due to lack of user input validation. The vulnerability exists in the '/service/v1/createUser' endpoint which is in charge of new users creation. By sending a crafted HTTP POST data, a remote authenticated attacker may execute arbitrary OS commands as the root user.