Vulnerability Details CVE-2023-25717
Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.944
EPSS Ranking 99.9%
CVSS Severity
CVSS v3 Score 9.8
Proposed Action
Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can perform cross-site request forgery (CSRF) or remote code execution (RCE). This vulnerability impacts Ruckus ZoneDirector, SmartZone, and Solo APs.
Ransomware Campaign
Unknown
Products affected by CVE-2023-25717
- cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:-
- cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:10.4
- cpe:2.3:h:ruckuswireless:e510:-
- cpe:2.3:h:ruckuswireless:h320:-
- cpe:2.3:h:ruckuswireless:h350:-
- cpe:2.3:h:ruckuswireless:h500:-
- cpe:2.3:h:ruckuswireless:h510:-
- cpe:2.3:h:ruckuswireless:h550:-
- cpe:2.3:h:ruckuswireless:m510-jp:-
- cpe:2.3:h:ruckuswireless:m510:-
- cpe:2.3:h:ruckuswireless:p300:-
- cpe:2.3:h:ruckuswireless:q410:-
- cpe:2.3:h:ruckuswireless:q710:-
- cpe:2.3:h:ruckuswireless:q910:-
- cpe:2.3:h:ruckuswireless:r300:-
- cpe:2.3:h:ruckuswireless:r310:-
- cpe:2.3:h:ruckuswireless:r320:-
- cpe:2.3:h:ruckuswireless:r350:-
- cpe:2.3:h:ruckuswireless:r500:-
- cpe:2.3:h:ruckuswireless:r510:-
- cpe:2.3:h:ruckuswireless:r550:-
- cpe:2.3:h:ruckuswireless:r560:-
- cpe:2.3:h:ruckuswireless:r600:-
- cpe:2.3:h:ruckuswireless:r610:-
- cpe:2.3:h:ruckuswireless:r650:-
- cpe:2.3:h:ruckuswireless:r700:-
- cpe:2.3:h:ruckuswireless:r710:-
- cpe:2.3:h:ruckuswireless:r720:-
- cpe:2.3:h:ruckuswireless:r730:-
- cpe:2.3:h:ruckuswireless:r750:-
- cpe:2.3:h:ruckuswireless:r760:-
- cpe:2.3:h:ruckuswireless:r850:-
- cpe:2.3:h:ruckuswireless:sz-144-federal:-
- cpe:2.3:h:ruckuswireless:sz-144:-
- cpe:2.3:h:ruckuswireless:sz100:-
- cpe:2.3:h:ruckuswireless:sz300-federal:-
- cpe:2.3:h:ruckuswireless:sz300:-
- cpe:2.3:h:ruckuswireless:t300:-
- cpe:2.3:h:ruckuswireless:t301n:-
- cpe:2.3:h:ruckuswireless:t301s:-
- cpe:2.3:h:ruckuswireless:t310c:-
- cpe:2.3:h:ruckuswireless:t310d:-
- cpe:2.3:h:ruckuswireless:t310n:-
- cpe:2.3:h:ruckuswireless:t310s:-
- cpe:2.3:h:ruckuswireless:t350c:-
- cpe:2.3:h:ruckuswireless:t350d:-
- cpe:2.3:h:ruckuswireless:t350se:-
- cpe:2.3:h:ruckuswireless:t504:-
- cpe:2.3:h:ruckuswireless:t610:-
- cpe:2.3:h:ruckuswireless:t710:-
- cpe:2.3:h:ruckuswireless:t710s:-
- cpe:2.3:h:ruckuswireless:t750:-
- cpe:2.3:h:ruckuswireless:t750se:-
- cpe:2.3:h:ruckuswireless:t811-cm(non-spf):-
- cpe:2.3:h:ruckuswireless:t811-cm:-
- cpe:2.3:h:ruckuswireless:zd1000:-
- cpe:2.3:h:ruckuswireless:zd1100:-
- cpe:2.3:h:ruckuswireless:zd1200:-
- cpe:2.3:h:ruckuswireless:zd3000:-
- cpe:2.3:h:ruckuswireless:zd5000:-
- cpe:2.3:o:ruckuswireless:smartzone:-
- cpe:2.3:o:ruckuswireless:smartzone:5.2.1.3
- cpe:2.3:o:ruckuswireless:smartzone:6.1.0.0.935
- cpe:2.3:o:ruckuswireless:smartzone_ap:-
- cpe:2.3:o:ruckuswireless:smartzone_ap:3.6.2.0.795
- cpe:2.3:o:ruckuswireless:smartzone_ap:5.2.2.0.2064
- cpe:2.3:o:ruckuswireless:smartzone_ap:6.1.0.0.9240