Shodan
Vulnerabilities
Vulnerable Software
Ruckuswireless:  >> E510  Security Vulnerabilities
CVE-2019-19839
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute.
CVSS Score
9.8
EPSS Score
0.043
Published
2020-01-23
CVE-2019-19837
Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests.
CVSS Score
5.3
EPSS Score
0.009
Published
2020-01-23
CVE-2019-19835
SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote denial of service via the server attribute to the tools/_rcmdstat.jsp URI.
CVSS Score
7.5
EPSS Score
0.013
Published
2020-01-23
CVE-2019-19840
A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruckus Unleashed through 200.7.10.102.64 allows remote code execution via an unauthenticated HTTP request.
CVSS Score
9.8
EPSS Score
0.217
Published
2020-01-22
CVE-2019-19841
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=packet-capture to admin/_cmdstat.jsp via the mac attribute.
CVSS Score
9.8
EPSS Score
0.043
Published
2020-01-22
CVE-2019-19842
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/_cmdstat.jsp via the mac attribute.
CVSS Score
9.8
EPSS Score
0.067
Published
2020-01-22
CVE-2019-19834
Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with ../../../bin/sh as the parameter.
CVSS Score
7.2
EPSS Score
0.013
Published
2020-01-22
CVE-2019-19836
AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote code execution via a POST request that uses tools/_rcmdstat.jsp to write to a specified filename.
CVSS Score
9.8
EPSS Score
0.024
Published
2020-01-22
CVE-2019-19843
Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache.
CVSS Score
9.8
EPSS Score
0.006
Published
2020-01-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved