Subscribe via feed.

CommScope Ruckus IoT Controller 1.7.1.0 Web Application Arbitrary Read/Write

Posted by deepcore on May 28, 2021 – 7:31 pm

The IoT Controller web application includes a NodeJS module, node-red, which has the capability for users to read or write to local files on the IoT Controller. With the elevated privileges the web application runs as, this allowed for reading and writing to any file on the IoT Controller filesystem.


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.