CVE-2019-19841
Description
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=packet-capture to admin/_cmdstat.jsp via the mac attribute.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Ruckus Wireless Unleashed access points are vulnerable to pre-authentication OS command injection via a crafted POST request to admin/_cmdstat.jsp.
Vulnerability
The vulnerability resides in the emfd component of Ruckus Wireless Unleashed firmware versions through 200.7.10.102.64. It allows remote attackers to execute arbitrary OS commands by sending a POST request to the /admin/_cmdstat.jsp endpoint with the parameter xcmd=packet-capture and a crafted mac attribute. No authentication is required to trigger the vulnerability. [1]
Exploitation
An attacker can exploit this vulnerability without any prior authentication. The attacker sends a POST request to admin/_cmdstat.jsp with the xcmd parameter set to packet-capture and the mac parameter containing the OS command to be executed. The command is injected into the system and executed by emfd. [1]
Impact
Successful exploitation results in remote code execution as the root user, giving the attacker full control over the affected access point. This can lead to data exfiltration, network pivoting, and further compromise of the network. [1]
Mitigation
As of the publication date (2020-01-22), the available references do not identify an official patch. Users should monitor Ruckus security advisories and upgrade to a patched firmware version if one is released. If no patch is available, limiting network access to the management interface can reduce exposure. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Ruckus Wireless/Unleashed
- Range: <=200.7.10.102.64
Patches
No patches discovered yet.
References
- alephsecurity.com/2020/01/14/ruckus-wireless (mitre, x_refsource_MISC)
- fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html (mitre, x_refsource_MISC)
- www.ruckuswireless.com/security/299/view/txt (mitre, x_refsource_MISC)