Vulnerabilities > Ruckuswireless > Unleashed > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-01-23 CVE-2019-19838 OS Command Injection vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute.
network
low complexity
ruckuswireless CWE-78
critical
 9.8
9.8
2020-01-23 CVE-2019-19839 OS Command Injection vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute.
network
low complexity
ruckuswireless CWE-78
critical
 9.8
9.8
2020-01-22 CVE-2019-19840 Out-of-bounds Write vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware
A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruckus Unleashed through 200.7.10.102.64 allows remote code execution via an unauthenticated HTTP request.
network
low complexity
ruckuswireless CWE-787
critical
 9.8
9.8
2020-01-22 CVE-2019-19841 OS Command Injection vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=packet-capture to admin/_cmdstat.jsp via the mac attribute.
network
low complexity
ruckuswireless CWE-78
critical
 9.8
9.8
2020-01-22 CVE-2019-19842 OS Command Injection vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/_cmdstat.jsp via the mac attribute.
network
low complexity
ruckuswireless CWE-78
critical
 9.8
9.8
2020-01-22 CVE-2019-19836 Improper Input Validation vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware
AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote code execution via a POST request that uses tools/_rcmdstat.jsp to write to a specified filename.
network
low complexity
ruckuswireless CWE-20
critical
 9.8
9.8
2020-01-22 CVE-2019-19843 Insufficiently Protected Credentials vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware
Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache.
network
low complexity
ruckuswireless CWE-522
critical
 9.8
9.8