Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCommscope Ruckus Smartzone Firmware
OSCommscope6.1.0.0.935< 5.2.1.3< 5.2.1.3.1695Ruckuswireless E510
HWRuckuswirelesswszystkie wersjeRuckuswireless H320
HWRuckuswirelesswszystkie wersjeRuckuswireless H350
HWRuckuswirelesswszystkie wersjeRuckuswireless H500
HWRuckuswirelesswszystkie wersjeRuckuswireless H510
HWRuckuswirelesswszystkie wersjeRuckuswireless H550
HWRuckuswirelesswszystkie wersjeRuckuswireless M510
HWRuckuswirelesswszystkie wersjeRuckuswireless M510 Jp
HWRuckuswirelesswszystkie wersjeRuckuswireless P300
HWRuckuswirelesswszystkie wersjeRuckuswireless Q410
HWRuckuswirelesswszystkie wersjeRuckuswireless Q710
HWRuckuswirelesswszystkie wersjeRuckuswireless Q910
HWRuckuswirelesswszystkie wersjeRuckuswireless R300
HWRuckuswirelesswszystkie wersjeRuckuswireless R310
HWRuckuswirelesswszystkie wersjeRuckuswireless R320
HWRuckuswirelesswszystkie wersjeRuckuswireless R350
HWRuckuswirelesswszystkie wersjeRuckuswireless R500
HWRuckuswirelesswszystkie wersjeRuckuswireless R510
HWRuckuswirelesswszystkie wersjeRuckuswireless R550
HWRuckuswirelesswszystkie wersjeRuckuswireless R560
HWRuckuswirelesswszystkie wersjeRuckuswireless R600
HWRuckuswirelesswszystkie wersjeRuckuswireless R610
HWRuckuswirelesswszystkie wersjeRuckuswireless R650
HWRuckuswirelesswszystkie wersjeRuckuswireless R700
HWRuckuswirelesswszystkie wersjeRuckuswireless R710
HWRuckuswirelesswszystkie wersjeRuckuswireless R720
HWRuckuswirelesswszystkie wersjeRuckuswireless R730
HWRuckuswirelesswszystkie wersjeRuckuswireless R750
HWRuckuswirelesswszystkie wersjeRuckuswireless R760
HWRuckuswirelesswszystkie wersje
CISA KEV — detailsi
- Vendori
- Ruckus Wireless
- Producti
- Multiple Products
- Added to KEVi
- May 12, 2023
- Remediation deadline (US Federal)i
- June 2, 2023(overdue)
Apply updates per vendor instructions or disconnect product if it is end-of-life.
Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can perform cross-site request forgery (CSRF) or remote code execution (RCE). This vulnerability impacts Ruckus ZoneDirector, SmartZone, and Solo APs.
Related vulnerabilities
Command injection w RUCKUS SmartZone przez pole adresu IP
Hardcoded SSH private key w RUCKUS SmartZone — dostęp root zdalnie
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruc...
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruc...
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruc...