CVE-2025-46118: n/a

Medium
Published: Mon Jul 21 2025 (07/21/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279, where hard-coded credentials for the ftpuser account provide FTP access to the controller, enabling a remote attacker to upload or retrieve arbitrary files from writable firmware directories and thereby expose sensitive information or compromise the controller.

AI-Powered Analysis

Last updated: 07/29/2025, 00:54:38 UTC

Technical Analysis

CVE-2025-46118 is a medium-severity vulnerability affecting CommScope Ruckus Unleashed wireless controllers prior to versions 200.15.6.212.14 and 200.17.7.0.139, as well as Ruckus ZoneDirector controllers prior to version 10.5.1.0.279. The vulnerability arises from the presence of hard-coded credentials for an FTP user account named 'ftpuser'. These credentials allow unauthenticated remote attackers to gain FTP access to the affected controllers. Through this FTP access, attackers can upload or download arbitrary files within writable firmware directories on the device. This capability can lead to exposure of sensitive information stored on the controller or potentially allow attackers to compromise the device by modifying firmware files or configuration data. The vulnerability is classified under CWE-284 (Improper Access Control), indicating that the system fails to properly restrict access to critical resources. The CVSS v3.1 base score is 5.3 (medium), with vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, meaning the attack can be performed remotely over the network without privileges or user interaction, but the impact is limited to confidentiality loss without affecting integrity or availability. No known exploits are currently reported in the wild, and no official patches or mitigation links are provided at this time. The presence of hard-coded credentials is a significant security design flaw, as it bypasses normal authentication mechanisms and can be exploited by any attacker with network access to the device's management interface. Given that these controllers are often deployed in enterprise and service provider environments to manage wireless networks, the vulnerability could be leveraged to gain sensitive network information or prepare for further attacks against the network infrastructure.

Potential Impact

For European organizations, this vulnerability poses a risk primarily to the confidentiality of sensitive information managed by Ruckus wireless controllers. Attackers exploiting this flaw could access configuration files, logs, or firmware components that may contain credentials, network topology, or other sensitive data. While the vulnerability does not directly allow modification of firmware or disruption of service (integrity and availability impacts are rated none), the ability to retrieve or upload files could enable attackers to implant malicious files or backdoors, potentially leading to more severe compromises. Organizations relying on Ruckus Unleashed or ZoneDirector controllers for wireless network management, especially in sectors such as finance, healthcare, government, and critical infrastructure, could face increased risk of targeted attacks or data leakage. The vulnerability's remote and unauthenticated nature means that attackers do not require prior access or user interaction, increasing the attack surface. Additionally, since wireless controllers often have elevated privileges within network environments, compromise could facilitate lateral movement or reconnaissance within European enterprise networks.

Mitigation Recommendations

European organizations should immediately inventory their network infrastructure to identify deployments of affected Ruckus Unleashed and ZoneDirector controllers. Until official patches are released, organizations should implement compensating controls such as restricting network access to the management interfaces of these controllers using network segmentation and firewall rules, allowing FTP access only from trusted administrative hosts. Disabling FTP services on the controllers, if possible, or replacing FTP with more secure protocols should be prioritized. Monitoring network traffic for unusual FTP activity targeting these devices can help detect exploitation attempts. Organizations should also review and rotate any credentials associated with these devices and audit logs for signs of unauthorized access. Engaging with CommScope support to obtain updates or workarounds and planning timely patch deployment once available is critical. Additionally, consider deploying intrusion detection/prevention systems (IDS/IPS) with signatures tuned to detect exploitation attempts of this vulnerability. Finally, educating network administrators about the risks of hard-coded credentials and enforcing strict device configuration management policies will reduce future exposure.
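
An added example (not part of the original analysis or of any vendor tooling) of the FTP monitoring step above: it sweeps Zeek `ftp.log` records in JSON form for `ftpuser` sessions that reach a controller from outside the admin network. The controller addresses, admin subnet and log records are assumed, constructed values.

```python
import ipaddress
import json

# Assumed site values and constructed Zeek ftp.log (JSON) records; none come from the advisory.
CONTROLLERS = {"10.20.0.5", "10.20.0.6"}
ADMIN_NETS = [ipaddress.ip_network("10.99.0.0/28")]
WRITE_CMDS = {"STOR", "STOU", "APPE", "DELE"}

SAMPLE_LOG = """\
{"id.orig_h":"10.99.0.4","id.resp_h":"10.20.0.5","user":"ftpuser","command":"RETR","reply_code":226}
{"id.orig_h":"10.30.7.21","id.resp_h":"10.20.0.5","user":"ftpuser","command":"RETR","reply_code":226}
{"id.orig_h":"10.30.7.21","id.resp_h":"10.20.0.6","user":"ftpuser","command":"STOR","reply_code":226}
{"id.orig_h":"10.30.7.21","id.resp_h":"10.20.0.9","user":"anonymous","command":"RETR","reply_code":226}
{"id.orig_h":"192.0.2.50","id.resp_h":"10.20.0.5","user":"ftpuser","command":"STOR","reply_code":550}
not-json: truncated record
"""

def from_admin_host(src):
    """True when the client address is inside an allowed admin network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in ADMIN_NETS)

def triage(log_text):
    """Return (src, controller, command, severity) for suspect ftpuser sessions."""
    findings = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip damaged lines instead of aborting the sweep
        if not isinstance(rec, dict) or rec.get("id.resp_h") not in CONTROLLERS:
            continue
        if str(rec.get("user", "")).lower() != "ftpuser":
            continue
        src = str(rec.get("id.orig_h", ""))
        if from_admin_host(src):
            continue  # expected traffic from the trusted administrative hosts
        cmd = str(rec.get("command", "")).upper()
        code = rec.get("reply_code")
        ok = isinstance(code, int) and 200 <= code < 300
        severity = "low" if not ok else ("high" if cmd in WRITE_CMDS else "medium")
        findings.append((src, rec["id.resp_h"], cmd, severity))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

A successful write from an untrusted source is rated highest because it means a file was placed on the controller; a successful read indicates possible file exposure and a failed command is kept as a low-severity lead.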

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-04-22T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 687e52aea83201eaac106034

Added to database: 7/21/2025, 2:46:06 PM

Last enriched: 7/29/2025, 12:54:38 AM

Last updated: 8/9/2025, 1:18:36 PM
