Unleashed AP

CVEs (13)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2017-6224	Ruckus Zonedirector Firmware	Hig	0.57	8.8	0.01	Oct 13, 2017	Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x (less than 10.0.1.0.17 MR1 release) and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x. contain OS Command Injection vulnerabilities that could…
CVE-2019-19838	Ruckus Unleashed AP		0.02	—	0.23	Jan 23, 2020	emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute.
CVE-2019-19840	Ruckus Unleashed AP		0.02	—	0.22	Jan 22, 2020	A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruckus Unleashed through 200.7.10.102.64 allows remote code execution via an unauthenticated HTTP request.
CVE-2019-19842	Ruckus Unleashed AP		0.01	—	0.07	Jan 22, 2020	emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/_cmdstat.jsp via the mac attribute.
CVE-2025-63735	WordPress Lt Unleashed		0.00	—	0.00	Nov 25, 2025	A reflected Cross site scripting (XSS) vulnerability in Ruckus Unleashed 200.13.6.1.319 via the name parameter to the the captive-portal endpoint selfguestpass/guestAccessSubmit.jsp.
CVE-2019-19839	Ruckus Unleashed AP		0.00	—	0.04	Jan 23, 2020	emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute.
CVE-2019-19835	Ruckus Unleashed AP		0.00	—	0.01	Jan 23, 2020	SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote denial of service via the server attribute to the tools/_rcmdstat.jsp URI.
CVE-2019-19837	Ruckus Unleashed AP		0.00	—	0.01	Jan 23, 2020	Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests.
CVE-2019-19841	Ruckus Unleashed AP		0.00	—	0.04	Jan 22, 2020	emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=packet-capture to admin/_cmdstat.jsp via the mac attribute.
CVE-2019-19843	Ruckus Unleashed AP		0.00	—	0.01	Jan 22, 2020	Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache.
CVE-2019-19836	Ruckus Unleashed AP		0.00	—	0.02	Jan 22, 2020	AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote code execution via a POST request that uses tools/_rcmdstat.jsp to write to a specified filename.
CVE-2019-19834	Ruckus Unleashed AP		0.00	—	0.01	Jan 22, 2020	Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with ../../../bin/sh as the parameter.
CVE-2017-6229	Ruckus Unleashed AP		0.00	—	0.05	Feb 14, 2018	Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and Ruckus Networks Zone Director firmware releases 10.1.0.0.x, 9.10.2.0.x, 9.12.3.0.x, 9.13.3.0.x, 10.0.1.0.x or before contain authenticated Root Command Injection in the CLI that could allow authenticated…

CVE-2017-6224HigOct 13, 2017
Ruckus
Zonedirector Firmware
risk 0.57cvss 8.8epss 0.01
Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x (less than 10.0.1.0.17 MR1 release) and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x. contain OS Command Injection vulnerabilities that could…
CVE-2019-19838Jan 23, 2020
Ruckus
Unleashed AP
risk 0.02cvss —epss 0.23
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute.
CVE-2019-19840Jan 22, 2020
Ruckus
Unleashed AP
risk 0.02cvss —epss 0.22
A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruckus Unleashed through 200.7.10.102.64 allows remote code execution via an unauthenticated HTTP request.
CVE-2019-19842Jan 22, 2020
Ruckus
Unleashed AP
risk 0.01cvss —epss 0.07
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/_cmdstat.jsp via the mac attribute.
CVE-2025-63735Nov 25, 2025
WordPress
Lt Unleashed
risk 0.00cvss —epss 0.00
A reflected Cross site scripting (XSS) vulnerability in Ruckus Unleashed 200.13.6.1.319 via the name parameter to the the captive-portal endpoint selfguestpass/guestAccessSubmit.jsp.
CVE-2019-19839Jan 23, 2020
Ruckus
Unleashed AP
risk 0.00cvss —epss 0.04
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute.
CVE-2019-19835Jan 23, 2020
Ruckus
Unleashed AP
risk 0.00cvss —epss 0.01
SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote denial of service via the server attribute to the tools/_rcmdstat.jsp URI.
CVE-2019-19837Jan 23, 2020
Ruckus
Unleashed AP
risk 0.00cvss —epss 0.01
Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests.
CVE-2019-19841Jan 22, 2020
Ruckus
Unleashed AP
risk 0.00cvss —epss 0.04
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=packet-capture to admin/_cmdstat.jsp via the mac attribute.
CVE-2019-19843Jan 22, 2020
Ruckus
Unleashed AP
risk 0.00cvss —epss 0.01
Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache.
CVE-2019-19836Jan 22, 2020
Ruckus
Unleashed AP
risk 0.00cvss —epss 0.02
AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote code execution via a POST request that uses tools/_rcmdstat.jsp to write to a specified filename.
CVE-2019-19834Jan 22, 2020
Ruckus
Unleashed AP
risk 0.00cvss —epss 0.01
Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with ../../../bin/sh as the parameter.
CVE-2017-6229Feb 14, 2018
Ruckus
Unleashed AP
risk 0.00cvss —epss 0.05
Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and Ruckus Networks Zone Director firmware releases 10.1.0.0.x, 9.10.2.0.x, 9.12.3.0.x, 9.13.3.0.x, 10.0.1.0.x or before contain authenticated Root Command Injection in the CLI that could allow authenticated…