Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as root user via web.py.Referenceshttps://adepts.of0x.cchttps://twitter.com/TheXC3LLhttps://x-c3ll.github.iohttps://support.ruckuswireless.com/documentshttps://support.ruckuswireless.com/security_bulletins/305https://adepts.of0x.cc/ruckus-vriot-rce/
