Vendor CVEs
Ruckus
All CVEs
65 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-13916 | | | 0.00 | — | 0.04 | | Jul 28, 2020 | A stack buffer overflow in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to execute code via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n,… |
| CVE-2020-13915 | | | 0.00 | — | 0.02 | | Jul 28, 2020 | Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow a remote attacker to overwrite admin credentials via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720,… |
| CVE-2020-13914 | | | 0.00 | — | 0.02 | | Jul 28, 2020 | webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to cause a denial of service (Segmentation fault) to the webserver via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710,… |
| CVE-2020-13913 | | | 0.00 | — | 0.01 | | Jul 28, 2020 | An XSS issue in emfd in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to execute JavaScript code via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n,… |
| CVE-2020-8033 | | | 0.00 | — | 0.01 | | May 5, 2020 | Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Name field. |
| CVE-2020-7983 | | | 0.00 | — | 0.01 | | May 5, 2020 | A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices allows remote attackers to access the panel or conduct SSRF attacks. |
| CVE-2020-8438 | | | 0.00 | — | 0.02 | | Jan 29, 2020 | Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=\|cat${IFS} substring. |
| CVE-2019-19839 | | | 0.00 | — | 0.03 | | Jan 23, 2020 | emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute. |
| CVE-2019-19835 | | | 0.00 | — | 0.02 | | Jan 23, 2020 | SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote denial of service via the server attribute to the tools/_rcmdstat.jsp URI. |
| CVE-2019-19837 | | | 0.00 | — | 0.02 | | Jan 23, 2020 | Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests. |
| CVE-2019-19841 | | | 0.00 | — | 0.03 | | Jan 22, 2020 | emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=packet-capture to admin/_cmdstat.jsp via the mac attribute. |
| CVE-2019-19843 | | | 0.00 | — | 0.02 | | Jan 22, 2020 | Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache. |
| CVE-2019-19836 | | | 0.00 | — | 0.04 | | Jan 22, 2020 | AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote code execution via a POST request that uses tools/_rcmdstat.jsp to write to a specified filename. |
| CVE-2019-19834 | | | 0.00 | — | 0.02 | | Jan 22, 2020 | Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with ../../../bin/sh as the parameter. |
| CVE-2020-7234 | | | 0.00 | — | 0.01 | | Jan 19, 2020 | Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the SSID field on the Configuration > Radio 2.4G > Wireless X screen (after a successful login to the super account). |
Page 2 of 2