T310

DATE	CVE	VULNERABILITY TITLE	RISK
2020-01-23	CVE-2019-19839	OS Command Injection vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute. network low complexity ruckuswireless CWE-78 critical	10.0
2020-01-23	CVE-2019-19838	OS Command Injection vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute. network low complexity ruckuswireless CWE-78 critical	10.0
2020-01-23	CVE-2019-19835	Server-Side Request Forgery (SSRF) vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote denial of service via the server attribute to the tools/_rcmdstat.jsp URI. network low complexity ruckuswireless CWE-918	5.0
2020-01-22	CVE-2019-19842	OS Command Injection vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/_cmdstat.jsp via the mac attribute. network low complexity ruckuswireless CWE-78 critical	10.0
2020-01-22	CVE-2019-19841	OS Command Injection vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=packet-capture to admin/_cmdstat.jsp via the mac attribute. network low complexity ruckuswireless CWE-78 critical	10.0
2020-01-22	CVE-2019-19840	Out-of-bounds Write vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruckus Unleashed through 200.7.10.102.64 allows remote code execution via an unauthenticated HTTP request. network low complexity ruckuswireless CWE-787	7.5
2020-01-22	CVE-2019-19836	Improper Input Validation vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote code execution via a POST request that uses tools/_rcmdstat.jsp to write to a specified filename. network low complexity ruckuswireless CWE-20	7.5
2020-01-22	CVE-2019-19834	Path Traversal vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with ../../../bin/sh as the parameter. network low complexity ruckuswireless CWE-22	6.5