CVE-2019-19834
Description
Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with ../../../bin/sh as the parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Directory traversal in Ruckus Wireless Unleashed CLI allows remote attackers to escape the restricted shell and execute arbitrary commands as root.
Vulnerability
A directory traversal vulnerability exists in the ruckus_cli2 component of Ruckus Wireless Unleashed firmware versions through 200.7.10.102.64. The bug is triggered by issuing the CLI commands enable, debug, script, and exec with a path traversal parameter (e.g., ../../../bin/sh), allowing an attacker to escape the intended restricted CLI environment. The vulnerability is reachable after obtaining CLI access, which may require prior authentication bypass [1].
Exploitation
An attacker must first gain access to the Ruckus Unleashed CLI. This can be achieved through an authentication bypass or other means. Once authenticated, the attacker executes the sequence enable (to enter privileged mode), debug, script, and exec followed by a path traversal string to reference /bin/sh or another executable. No user interaction beyond the attacker's own actions is required.
Impact
Successful exploitation allows the attacker to execute arbitrary commands with root privileges, effectively gaining full control over the affected access point. This can lead to complete compromise of confidentiality, integrity, and availability of the device.
Mitigation
As of the publication date, no official patch has been released by Ruckus Networks. Users are advised to monitor the vendor's security advisories for firmware updates. Until a fix is available, restricting network access to the management interface of affected devices can reduce exposure [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Ruckus Wireless/Unleasheddescription
- Range: <=200.7.10.102.64
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- alephsecurity.com/2020/01/14/ruckus-wirelessmitrex_refsource_MISC
- fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.htmlmitrex_refsource_MISC
- www.ruckuswireless.com/security/299/view/txtmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.