Vulnerabilities > Ruckuswireless > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-02-13 CVE-2023-25717 Code Injection vulnerability in Ruckuswireless Ruckus Wireless Admin, Smartzone and Smartzone AP
Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.
network
low complexity
ruckuswireless CWE-94
critical
 9.8
9.8
2023-01-20 CVE-2020-22653 Unspecified vulnerability in Ruckuswireless products
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to exploit the official image signature to force injection unauthorized image signature.
network
low complexity
ruckuswireless
critical
 9.8
9.8
2023-01-20 CVE-2020-22654 Unspecified vulnerability in Ruckuswireless products
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to bypass firmware image bad md5 checksum failed error.
network
low complexity
ruckuswireless
critical
 9.8
9.8
2023-01-20 CVE-2020-22657 Improper Authentication vulnerability in Ruckuswireless products
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to perform WEB GUI login authentication bypass.
network
low complexity
ruckuswireless CWE-287
critical
 9.1
9.1
2023-01-20 CVE-2020-22658 Unspecified vulnerability in Ruckuswireless products
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to switch completely to unauthorized image to be Boot as primary verified image.
network
low complexity
ruckuswireless
critical
 9.8
9.8
2020-07-28 CVE-2020-13919 Command Injection vulnerability in Ruckuswireless Unleashed Firmware
emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to achieve command injection via a crafted HTTP request.
network
low complexity
ruckuswireless CWE-77
critical
 9.8
9.8
2020-07-28 CVE-2020-13917 Command Injection vulnerability in Ruckuswireless Unleashed Firmware
rkscli in Ruckus Wireless Unleashed through 200.7.10.92 allows a remote attacker to achieve command injection and jailbreak the CLI via a crafted CLI command.
network
low complexity
ruckuswireless CWE-77
critical
 9.8
9.8
2020-07-28 CVE-2020-13916 Out-of-bounds Write vulnerability in Ruckuswireless Unleashed Firmware
A stack buffer overflow in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to execute code via an unauthenticated crafted HTTP request.
network
low complexity
ruckuswireless CWE-787
critical
 9.8
9.8
2020-01-23 CVE-2019-19839 OS Command Injection vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute.
network
low complexity
ruckuswireless CWE-78
critical
 9.8
9.8
2020-01-23 CVE-2019-19838 OS Command Injection vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute.
network
low complexity
ruckuswireless CWE-78
critical
 9.8
9.8