Vulnerabilities > Ruckuswireless

DATE CVE VULNERABILITY TITLE RISK
2020-07-28 CVE-2020-13919 OS Command Injection vulnerability in Ruckuswireless Unleashed Firmware
emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to achieve command injection via a crafted HTTP request.
network
low complexity
ruckuswireless CWE-78
7.5
2020-07-28 CVE-2020-13918 Information Exposure vulnerability in Ruckuswireless Unleashed Firmware
Incorrect access control in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to leak system information (that can be used for a jailbreak) via an unauthenticated crafted HTTP request.
network
low complexity
ruckuswireless CWE-200
5.0
2020-07-28 CVE-2020-13917 OS Command Injection vulnerability in Ruckuswireless Unleashed Firmware
rkscli in Ruckus Wireless Unleashed through 200.7.10.92 allows a remote attacker to achieve command injection and jailbreak the CLI via a crafted CLI command.
network
low complexity
ruckuswireless CWE-78
7.5
2020-07-28 CVE-2020-13916 Out-of-bounds Write vulnerability in Ruckuswireless Unleashed Firmware 200.7.10.102.92
A stack buffer overflow in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to execute code via an unauthenticated crafted HTTP request.
network
low complexity
ruckuswireless CWE-787
7.5
2020-07-28 CVE-2020-13915 Insufficiently Protected Credentials vulnerability in Ruckuswireless Unleashed Firmware
Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow a remote attacker to overwrite admin credentials via an unauthenticated crafted HTTP request.
network
low complexity
ruckuswireless CWE-522
6.4
2020-07-28 CVE-2020-13914 Improper Input Validation vulnerability in Ruckuswireless Unleashed Firmware
webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to cause a denial of service (Segmentation fault) to the webserver via an unauthenticated crafted HTTP request.
network
low complexity
ruckuswireless CWE-20
5.0
2020-07-28 CVE-2020-13913 Cross-site Scripting vulnerability in Ruckuswireless Unleashed Firmware 200.7.10.102.92
An XSS issue in emfd in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to execute JavaScript code via an unauthenticated crafted HTTP request.
4.3
2020-01-23 CVE-2019-19839 OS Command Injection vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute.
network
low complexity
ruckuswireless CWE-78
critical
10.0
2020-01-23 CVE-2019-19838 OS Command Injection vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute.
network
low complexity
ruckuswireless CWE-78
critical
10.0
2020-01-23 CVE-2019-19837 Information Exposure vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware
Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests.
network
low complexity
ruckuswireless CWE-200
7.8