Vulnerabilities > CVE-2020-8830 - Server-Side Request Forgery (SSRF) vulnerability in Commscope Ruckus Zoneflex R500 Firmware

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

commscope

CWE-918

NVD

Published: 2020-05-05

Updated: 2021-07-21

Summary

CSRF in login.asp on Ruckus devices allows an attacker to access the panel, and use SSRF to perform scraping or other analysis via the SUBCA-1 field on the Wireless Admin screen.

Vulnerable Configurations

Part	Description	Count
OS	Commscope Commscope Ruckus Zoneflex R500 Firmware -	1
Hardware	Commscope Commscope Ruckus Zoneflex R500 -	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://gist.github.com/CyberSecurityUP/26c5b032897630fe8407da4a8ef216d4