Ruckuswireless Unleashed vulnerabilities
10 known vulnerabilities affecting ruckuswireless/unleashed.
Total CVEs: 10
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2019-19838 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | fixed in 200.7.10.202.94 | 2020-01-23
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute.
nvd
CVE-2019-19840 | P2 | CRITICAL | CVSS 9.8 | CWE-787 | fixed in 200.7.10.202.94 | 2020-01-22
A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruckus Unleashed through 200.7.10.102.64 allows remote code execution via an unauthenticated HTTP request.
nvd
CVE-2019-19842 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | fixed in 200.7.10.202.94 | 2020-01-22
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/_cmdstat.jsp via the mac attribute.
nvd
CVE-2019-19836 | P2 | CRITICAL | CVSS 9.8 | CWE-20 | fixed in 200.7.10.202.94 | 2020-01-22
AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote code execution via a POST request that uses tools/_rcmdstat.jsp to write to a specified filename.
nvd
CVE-2019-19841 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | fixed in 200.7.10.202.94 | 2020-01-22
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=packet-capture to admin/_cmdstat.jsp via the mac attribute.
nvd
CVE-2019-19839 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | fixed in 200.7.10.202.94 | 2020-01-23
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute.
nvd
CVE-2019-19843 | P3 | CRITICAL | CVSS 9.8 | CWE-522 | fixed in 200.7.10.202.94 | 2020-01-22
Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache.
nvd
CVE-2019-19834 | P3 | HIGH | CVSS 7.2 | CWE-22 | fixed in 200.7.10.202.94 | 2020-01-22
Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with ../../../bin/sh as the parameter.
nvd
CVE-2019-19835 | P3 | HIGH | CVSS 7.5 | CWE-918 | fixed in 200.7.10.202.94 | 2020-01-23
SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote denial of service via the server attribute to the tools/_rcmdstat.jsp URI.
nvd
CVE-2019-19837 | P4 | MEDIUM | CVSS 5.3 | fixed in 200.7.10.202.94 | 2020-01-23
Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests.
nvd