
CVE-2025-46122: n/a

Critical
Published: Mon Jul 21 2025 (07/21/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticated diagnostics API endpoint `/admin/_cmdstat.jsp` passes attacker-controlled input to the shell without adequate validation, enabling a remote attacker to specify a target by MAC address and execute arbitrary commands as root.

AI-Powered Analysis

Last updated: 07/29/2025, 01:14:04 UTC

Technical Analysis

CVE-2025-46122 is a critical remote command injection vulnerability in CommScope Ruckus Unleashed wireless access points prior to versions 200.15.6.212.14 and 200.17.7.0.139. The flaw exists in the authenticated diagnostics API endpoint `/admin/_cmdstat.jsp`, which passes attacker-controlled input directly to the underlying shell without sufficient validation or sanitization. This allows an authenticated attacker to specify a target device by MAC address and execute arbitrary commands with root privileges on the affected device. The vulnerability is classified under CWE-77 (Improper Neutralization of Special Elements used in a Command), indicating a command injection weakness. The CVSS v3.1 base score is 9.1, reflecting its critical severity: the attack vector is network (remote), attack complexity is low, high privileges are required (an authenticated user), no user interaction is needed, the scope is changed, and the impact on confidentiality, integrity, and availability is high.

No public exploits are currently known in the wild, but the potential impact is severe given the root-level command execution capability. The vulnerability could be exploited by attackers who have obtained valid credentials or have compromised an account with administrative access to the device's management interface. The affected devices are typically deployed in enterprise and service provider wireless networks, making them attractive targets for attackers seeking to gain persistent footholds or disrupt network operations.

Potential Impact

For European organizations, the impact of CVE-2025-46122 can be substantial. Ruckus Unleashed access points are widely used in enterprise environments, educational institutions, hospitality, and public venues across Europe. Exploitation could lead to full compromise of the wireless infrastructure device, enabling attackers to intercept or manipulate network traffic, deploy malware, pivot to internal networks, or cause denial of service. The root-level access allows attackers to disable security controls, create backdoors, or exfiltrate sensitive data. Given the critical role of wireless access points in providing network connectivity, disruption or compromise could affect business continuity, data confidentiality, and regulatory compliance, especially under GDPR requirements. Additionally, the ability to specify targets by MAC address could allow attackers to selectively attack high-value devices or users. The vulnerability’s requirement for authentication limits exposure to some extent but does not eliminate risk, as credential theft or insider threats remain realistic attack vectors. The lack of known exploits in the wild suggests organizations have a window to remediate before widespread exploitation occurs.

Mitigation Recommendations

Organizations should immediately upgrade affected Ruckus Unleashed devices to versions 200.15.6.212.14, 200.17.7.0.139, or later where the vulnerability has been patched. If upgrading is not immediately possible, restrict access to the management interface to trusted administrators only, ideally via VPN or secure management VLANs. Implement strong authentication mechanisms, including multi-factor authentication, to reduce the risk of credential compromise. Monitor device logs and network traffic for unusual commands or access patterns targeting the `/admin/_cmdstat.jsp` endpoint. Disable or restrict the diagnostics API endpoint if it is not required for operations. Conduct regular audits of user accounts and permissions on the devices to ensure only authorized personnel have administrative access. Network segmentation should be enforced to limit lateral movement if a device is compromised. Finally, maintain an incident response plan that includes wireless infrastructure components to quickly detect and respond to any exploitation attempts.
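The upgrade and monitoring steps above can be triaged with a short script. This is an added example, not code from the advisory or from CommScope: the inventory names, the management subnet, the combined access-log format (for instance from a reverse proxy in front of the management interface), and the mapping of each fixed build to its release branch are all assumptions.

```python
import ipaddress
import re
from collections import Counter

ENDPOINT = "/admin/_cmdstat.jsp"
# Fixed builds named in the advisory, keyed by release branch (branch mapping is an assumption).
FIXED = {(200, 15): (200, 15, 6, 212, 14), (200, 17): (200, 17, 7, 0, 139)}
# Assumed management subnet; replace with the networks your admins connect from.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# Common/combined access-log prefix: source, timestamp, request line, status.
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+)[^"]*" \d{3}')

def firmware_status(version):
    """Return 'patched', 'vulnerable', or 'review' (branch not named in the advisory)."""
    parts = tuple(int(p) for p in version.strip().split("."))
    fixed = FIXED.get(parts[:2])
    if fixed is None:
        return "review"
    return "patched" if parts >= fixed else "vulnerable"

def cmdstat_hits_outside_mgmt(lines):
    """Count requests to the diagnostics endpoint per source outside MGMT_NETS."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["path"].split("?", 1)[0].lower() != ENDPOINT:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # hostname or malformed source field
        if not any(src in net for net in MGMT_NETS):
            hits[str(src)] += 1
    return hits

# Constructed sample data (not from a real deployment).
SAMPLE_INVENTORY = {"ap-lobby": "200.15.6.12.304", "ap-floor2": "200.17.7.0.139", "ap-lab": "200.14.6.1.203"}
SAMPLE_LOG = [
    '10.20.0.5 - admin [21/Jul/2025:09:14:02 +0000] "POST /admin/_cmdstat.jsp HTTP/1.1" 200 512',
    '192.0.2.44 - admin [21/Jul/2025:09:20:41 +0000] "POST /admin/_cmdstat.jsp HTTP/1.1" 200 498',
    '192.0.2.44 - admin [21/Jul/2025:09:20:47 +0000] "POST /admin/_cmdstat.jsp HTTP/1.1" 200 498',
    '192.0.2.44 - - [21/Jul/2025:09:21:03 +0000] "GET /admin/login.jsp HTTP/1.1" 200 2210',
]

if __name__ == "__main__":
    for name, ver in SAMPLE_INVENTORY.items():
        print(f"{name}: {ver} -> {firmware_status(ver)}")
    for src, n in cmdstat_hits_outside_mgmt(SAMPLE_LOG).items():
        print(f"{src}: {n} request(s) to {ENDPOINT} from outside management networks")
```

A `review` result means the build is on a branch the advisory does not name, so its status has to be confirmed against the vendor's release notes rather than inferred.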


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-04-22T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 687e52aea83201eaac106020

Added to database: 7/21/2025, 2:46:06 PM

Last enriched: 7/29/2025, 1:14:04 AM

Last updated: 8/5/2025, 8:26:05 AM
