VYPR
Unrated severity · NVD Advisory · Published Jan 23, 2020 · Updated Aug 5, 2024

CVE-2019-19835


Description

SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote denial of service via the server attribute to the tools/_rcmdstat.jsp URI.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An SSRF vulnerability in Ruckus Wireless Unleashed firmware through 200.7.10.102.64 allows remote denial of service via crafted requests to tools/_rcmdstat.jsp.

Vulnerability

An SSRF (Server-Side Request Forgery) vulnerability exists in the AjaxRestrictedCmdStat component of Ruckus Wireless Unleashed firmware through version 200.7.10.102.64 [1]. The vulnerability is triggered by sending a crafted server attribute to the tools/_rcmdstat.jsp URI, allowing a remote attacker to cause a denial of service [1][2]. Affected devices include indoor and outdoor access points such as R510, R610, R710, and many others running the vulnerable firmware [1].

Exploitation

An attacker does not require authentication and can exploit this SSRF over the network [1]. When an attacker sends a malicious HTTP request to the tools/_rcmdstat.jsp endpoint with a crafted server parameter, the vulnerable component makes an outbound request to a destination controlled by the attacker, leading to a denial of service condition [1][2]. No user interaction is needed [1].

Impact

Successful exploitation results in a denial of service, impacting the availability of the affected access point [1][2]. The attacker does not gain code execution or data access from this specific vulnerability, but it can be chained with other vulnerabilities for more severe impacts [1]. The CIA impact is limited to availability [1].

Mitigation

Ruckus has not released a patch for this specific vulnerability as of the publication date [1][2]. Users are advised to restrict network access to the management interface of affected devices and monitor for firmware updates from Ruckus [1]. The affected firmware version 200.7.10.102.64 is end-of-life for some devices [1].
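One way to check whether the management-interface restriction is holding, as an added example that is not part of the advisory or any Ruckus tooling: it scans access-log lines for requests to tools/_rcmdstat.jsp that come from outside the management network. The Common Log Format input (for instance from a reverse proxy or firewall in front of the access points), the 10.20.0.0/24 management subnet and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: only this subnet is allowed to reach AP management interfaces.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]
TARGET_PATH = "/tools/_rcmdstat.jsp"  # URI named in the CVE description

# Common Log Format: src ident user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '10.20.0.15 - - [12/Mar/2024:10:01:02 +0000] "POST /tools/_rcmdstat.jsp HTTP/1.1" 200 128',
    '203.0.113.7 - - [12/Mar/2024:10:04:41 +0000] "POST /tools/_rcmdstat.jsp HTTP/1.1" 200 128',
    '198.51.100.23 - - [12/Mar/2024:10:05:09 +0000] "POST //tools/%5Frcmdstat.jsp?x=1 HTTP/1.1" 200 128',
    '203.0.113.7 - - [12/Mar/2024:10:06:30 +0000] "GET / HTTP/1.1" 200 900',
]

def normalize_path(raw):
    """Drop the query string, decode percent-escapes, collapse slashes, lowercase."""
    path = unquote(raw.split("?", 1)[0])
    return re.sub(r"/+", "/", path).lower()

def find_suspect_requests(lines, mgmt_nets=MGMT_NETS):
    """Return (time, source, method, raw path) for hits from outside mgmt_nets."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not normalize_path(m["path"]).endswith(TARGET_PATH):
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # source field is a hostname or malformed; skipped here
        if not any(src in net for net in mgmt_nets):
            hits.append((m["ts"], str(src), m["method"], m["path"]))
    return hits

if __name__ == "__main__":
    for hit in find_suspect_requests(SAMPLE_LOG):
        print(hit)
```

Any hit means the endpoint is reachable from a network that should not have access to the management interface.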

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.


References

3
