Vulnerabilities > Ruckuswireless > Unleashed Firmware > 200.7.10.102.92
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-28 | CVE-2020-13919 | Command Injection vulnerability in Ruckuswireless Unleashed Firmware emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to achieve command injection via a crafted HTTP request. | 9.8 |
2020-07-28 | CVE-2020-13918 | Unspecified vulnerability in Ruckuswireless Unleashed Firmware Incorrect access control in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to leak system information (that can be used for a jailbreak) via an unauthenticated crafted HTTP request. | 7.5 |
2020-07-28 | CVE-2020-13917 | Command Injection vulnerability in Ruckuswireless Unleashed Firmware rkscli in Ruckus Wireless Unleashed through 200.7.10.92 allows a remote attacker to achieve command injection and jailbreak the CLI via a crafted CLI command. | 9.8 |
2020-07-28 | CVE-2020-13916 | Out-of-bounds Write vulnerability in Ruckuswireless Unleashed Firmware A stack buffer overflow in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to execute code via an unauthenticated crafted HTTP request. | 9.8 |
2020-07-28 | CVE-2020-13915 | Incorrect Permission Assignment for Critical Resource vulnerability in Ruckuswireless Unleashed Firmware Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow a remote attacker to overwrite admin credentials via an unauthenticated crafted HTTP request. | 7.5 |
2020-07-28 | CVE-2020-13914 | Unspecified vulnerability in Ruckuswireless Unleashed Firmware webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to cause a denial of service (Segmentation fault) to the webserver via an unauthenticated crafted HTTP request. | 7.5 |
2020-07-28 | CVE-2020-13913 | Cross-site Scripting vulnerability in Ruckuswireless Unleashed Firmware An XSS issue in emfd in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to execute JavaScript code via an unauthenticated crafted HTTP request. | 6.1 |