Vulnerabilities > Ruckuswireless > Unleashed Firmware

DATE CVE VULNERABILITY TITLE RISK
2020-07-28 CVE-2020-13919 Command Injection vulnerability in Ruckuswireless Unleashed Firmware
emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to achieve command injection via a crafted HTTP request.
network
low complexity
ruckuswireless CWE-77
critical
 9.8
9.8
2020-07-28 CVE-2020-13918 Unspecified vulnerability in Ruckuswireless Unleashed Firmware
Incorrect access control in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to leak system information (that can be used for a jailbreak) via an unauthenticated crafted HTTP request.
network
low complexity
ruckuswireless
7.5
7.5
2020-07-28 CVE-2020-13917 Command Injection vulnerability in Ruckuswireless Unleashed Firmware
rkscli in Ruckus Wireless Unleashed through 200.7.10.92 allows a remote attacker to achieve command injection and jailbreak the CLI via a crafted CLI command.
network
low complexity
ruckuswireless CWE-77
critical
 9.8
9.8
2020-07-28 CVE-2020-13916 Out-of-bounds Write vulnerability in Ruckuswireless Unleashed Firmware
A stack buffer overflow in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to execute code via an unauthenticated crafted HTTP request.
network
low complexity
ruckuswireless CWE-787
critical
 9.8
9.8
2020-07-28 CVE-2020-13915 Incorrect Permission Assignment for Critical Resource vulnerability in Ruckuswireless Unleashed Firmware
Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow a remote attacker to overwrite admin credentials via an unauthenticated crafted HTTP request.
network
low complexity
ruckuswireless CWE-732
7.5
7.5
2020-07-28 CVE-2020-13914 Unspecified vulnerability in Ruckuswireless Unleashed Firmware
webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to cause a denial of service (Segmentation fault) to the webserver via an unauthenticated crafted HTTP request.
network
low complexity
ruckuswireless
7.5
7.5
2020-07-28 CVE-2020-13913 Cross-site Scripting vulnerability in Ruckuswireless Unleashed Firmware
An XSS issue in emfd in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to execute JavaScript code via an unauthenticated crafted HTTP request.
network
low complexity
ruckuswireless CWE-79
6.1
6.1
2017-10-13 CVE-2017-6224 OS Command Injection vulnerability in Ruckuswireless Unleashed Firmware and Zonedirector Firmware
Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x (less than 10.0.1.0.17 MR1 release) and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x.
network
low complexity
ruckuswireless CWE-78
8.8
8.8