Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.
References
| Link | Resource |
|---|---|
| https://cybir.com/2023/cve/proof-of-concept-ruckus-wireless-admin-10-4-unauthenticated-remote-code-execution-csrf-ssrf/ | Exploit Third Party Advisory |
| https://support.ruckuswireless.com/security_bulletins/315 | Patch Product Vendor Advisory |
Advertisement
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Information
Published : 2023-02-13 12:15
Updated : 2023-02-23 08:26
NVD link : CVE-2023-25717
Mitre link : CVE-2023-25717
JSON object : View
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')
Advertisement
Products Affected
ruckuswireless
- r510
- r730
- t710s
- t811-cm
- t301s
- smartzone_ap
- zd1000
- e510
- t301n
- h500
- sz-144
- t310d
- t710
- r720
- t504
- h510
- t310c
- r700
- smartzone
- t350d
- q410
- zd1200
- h320
- r320
- r560
- t811-cm\(non-spf\)
- r610
- r710
- sz300-federal
- q910
- r650
- r550
- t750se
- sz-144-federal
- h350
- q710
- t350se
- r850
- r300
- sz300
- t350c
- r350
- ruckus_wireless_admin
- t310s
- t300
- sz100
- r750
- r310
- m510
- zd5000
- r760
- t310n
- p300
- r600
- t750
- zd1100
- t610
- h550
- zd3000
- m510-jp
- r500