.. / CVE-2021-33221

Exploit for CommScope Ruckus IoT Controller - Information Disclosure (CVE-2021-33221)

Description:

CommScope Ruckus IoT Controller is susceptible to information disclosure vulnerabilities because a ‘service details’ API endpoint discloses system and configuration information to an attacker without requiring authentication. This information includes DNS and NTP servers that the devices use for time and host resolution. It also includes the internal hostname and IoT Controller version. A fully configured device in production may leak other, more sensitive information (API keys and tokens).

Nuclei Template

View the template here CVE-2021-33221.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-33221.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-33221
https://github.com/ARPSyndicate/cvemon
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33221
https://www.commscope.com/globalassets/digizuite/917216-faq-security-advisory-id-20210525-v1-0.pdf
http://seclists.org/fulldisclosure/2021/May/72
https://korelogic.com/advisories.html

.. / CVE-2021-33221 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for CommScope Ruckus IoT Controller - Information Disclosure (CVE-2021-33221)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2021-33221