VYPR

ZoneFlex R500

by Ruckus

CVEs (2)

  • CVE-2020-8438Jan 29, 2020
    risk 0.00cvss epss 0.02

    Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat${IFS} substring.

  • CVE-2020-7234Jan 19, 2020
    risk 0.00cvss epss 0.01

    Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the SSID field on the Configuration > Radio 2.4G > Wireless X screen (after a successful login to the super account).