Vulnerabilities > Commscope > Ruckus Zoneflex R500 Firmware

DATE CVE VULNERABILITY TITLE RISK
2020-05-05 CVE-2020-8830 Server-Side Request Forgery (SSRF) vulnerability in Commscope Ruckus Zoneflex R500 Firmware
CSRF in login.asp on Ruckus devices allows an attacker to access the panel, and use SSRF to perform scraping or other analysis via the SUBCA-1 field on the Wireless Admin screen.
network
low complexity
commscope CWE-918
8.8
8.8
2020-05-05 CVE-2020-8033 Cross-site Scripting vulnerability in Commscope Ruckus Zoneflex R500 Firmware 3.4.2.0.384
Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Name field.
network
low complexity
commscope CWE-79
6.1
6.1
2020-05-05 CVE-2020-7983 Cross-Site Request Forgery (CSRF) vulnerability in Commscope Ruckus Zoneflex R500 Firmware 3.4.2.0.384
A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices allows remote attackers to access the panel or conduct SSRF attacks.
network
low complexity
commscope CWE-352
8.1
8.1