Vulnerabilities > Ruckuswireless

DATE CVE VULNERABILITY TITLE RISK
2023-01-20 CVE-2020-22661 Unspecified vulnerability in Ruckuswireless products
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to erase the backup secondary official image and write secondary backup unauthorized image.
network
low complexity
ruckuswireless
6.5
2023-01-20 CVE-2020-22662 Command Injection vulnerability in Ruckuswireless products
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to change and set unauthorized "illegal region code" by remote code Execution command injection which leads to run illegal frequency with maxi output power.
network
low complexity
ruckuswireless CWE-77
7.5
2023-01-18 CVE-2021-36630 Allocation of Resources Without Limits or Throttling vulnerability in Ruckuswireless products
DDOS reflection amplification vulnerability in eAut module of Ruckus Wireless SmartZone controller that allows remote attackers to perform DOS attacks via crafted request.
network
low complexity
ruckuswireless CWE-770
7.5
2022-06-27 CVE-2020-21161 Cross-site Scripting vulnerability in Ruckuswireless Zonedirector Firmware 9.8.3.0
Cross Site Scripting (XSS) vulnerability in Ruckus Wireless ZoneDirector 9.8.3.0.
4.3
2020-07-28 CVE-2020-13919 OS Command Injection vulnerability in Ruckuswireless Unleashed Firmware
emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to achieve command injection via a crafted HTTP request.
network
low complexity
ruckuswireless CWE-78
7.5
2020-07-28 CVE-2020-13918 Information Exposure vulnerability in Ruckuswireless Unleashed Firmware
Incorrect access control in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to leak system information (that can be used for a jailbreak) via an unauthenticated crafted HTTP request.
network
low complexity
ruckuswireless CWE-200
5.0
2020-07-28 CVE-2020-13917 OS Command Injection vulnerability in Ruckuswireless Unleashed Firmware
rkscli in Ruckus Wireless Unleashed through 200.7.10.92 allows a remote attacker to achieve command injection and jailbreak the CLI via a crafted CLI command.
network
low complexity
ruckuswireless CWE-78
7.5
2020-07-28 CVE-2020-13916 Out-of-bounds Write vulnerability in Ruckuswireless Unleashed Firmware 200.7.10.102.92
A stack buffer overflow in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to execute code via an unauthenticated crafted HTTP request.
network
low complexity
ruckuswireless CWE-787
7.5
2020-07-28 CVE-2020-13915 Insufficiently Protected Credentials vulnerability in Ruckuswireless Unleashed Firmware
Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow a remote attacker to overwrite admin credentials via an unauthenticated crafted HTTP request.
network
low complexity
ruckuswireless CWE-522
6.4
2020-07-28 CVE-2020-13914 Improper Input Validation vulnerability in Ruckuswireless Unleashed Firmware
webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to cause a denial of service (Segmentation fault) to the webserver via an unauthenticated crafted HTTP request.
network
low complexity
ruckuswireless CWE-20
5.0