Description
Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.
Related CPE's
a
ruckuswireless
ruckus_wireless_admin
o
ruckuswireless
smartzone_ap
h
ruckuswireless
e510
h
ruckuswireless
h320
h
ruckuswireless
h510
h
ruckuswireless
m510
h
ruckuswireless
r310
h
ruckuswireless
r320
h
ruckuswireless
r510
h
ruckuswireless
r550
h
ruckuswireless
r610
h
ruckuswireless
r650
h
ruckuswireless
r710
h
ruckuswireless
r720
h
ruckuswireless
r730
h
ruckuswireless
r750
h
ruckuswireless
r850
h
ruckuswireless
sz-144
h
ruckuswireless
sz100
h
ruckuswireless
sz300
h
ruckuswireless
t310c
h
ruckuswireless
t310d
h
ruckuswireless
t310n
h
ruckuswireless
t310s
h
ruckuswireless
t610
h
ruckuswireless
t710
h
ruckuswireless
t710s
h
ruckuswireless
t750
h
ruckuswireless
t750se
h
ruckuswireless
t811-cm
o
ruckuswireless
smartzone
References
https://support.ruckuswireless.com/security_bulletins/315
https://support.ruckuswireless.com/security_bulletins/315
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 · Critical
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2023-02-13T20:15:10.973
2 years agoLast modified
2025-03-10T20:48:20.863
1 month ago