CVE-2023-25717

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-25717
Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://cybir.com/2023/cve/proof-of-concept-ruckus-wireless-admin-10-4-unauthenticated-remote-code-execution-csrf-ssrf/ Exploit Third Party Advisory
https://support.ruckuswireless.com/security_bulletins/315 Patch Product Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:h:ruckuswireless:e510:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:h320:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:h350:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:h510:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:h550:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:m510:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r310:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r320:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r350:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r510:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r550:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r610:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r650:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r710:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r720:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r730:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r750:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r760:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r850:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:sz-144:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:sz100:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:sz300:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t310c:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t310d:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t310n:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t310s:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t350c:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t350d:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t350se:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t610:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t710:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t710s:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t750:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t750se:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t811-cm:-:*:*:*:*:*:*:*
OR cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*
cpe:2.3:o:ruckuswireless:smartzone_ap:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:h:ruckuswireless:e510:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:h320:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:h510:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:m510:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r310:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r320:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r500:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r510:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r550:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r600:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r610:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r650:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r710:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r720:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r730:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r750:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r850:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t300:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t301n:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t301s:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t310c:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t310d:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t310n:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t310s:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t504:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t610:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t710:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t710s:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t750:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t750se:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t811-cm:-:*:*:*:*:*:*:*
OR cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*
cpe:2.3:o:ruckuswireless:smartzone_ap:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:h:ruckuswireless:h500:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r300:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r700:-:*:*:*:*:*:*:*
OR cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*
cpe:2.3:o:ruckuswireless:smartzone_ap:*:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:h:ruckuswireless:r560:-:*:*:*:*:*:*:*
OR cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*
cpe:2.3:o:ruckuswireless:smartzone_ap:*:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:h:ruckuswireless:sz-144:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:sz300:-:*:*:*:*:*:*:*
OR cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*
cpe:2.3:o:ruckuswireless:smartzone:*:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:h:ruckuswireless:sz-144:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:sz100:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:sz300:-:*:*:*:*:*:*:*
OR cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*
cpe:2.3:o:ruckuswireless:smartzone:6.1.0.0.935:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
OR cpe:2.3:h:ruckuswireless:m510-jp:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:p300:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:q410:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:q710:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:q910:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t811-cm\(non-spf\):-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:zd1000:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:zd1100:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:zd1200:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:zd3000:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:zd5000:-:*:*:*:*:*:*:*
cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
OR cpe:2.3:h:ruckuswireless:sz-144-federal:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:sz300-federal:-:*:*:*:*:*:*:*
OR cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*
cpe:2.3:o:ruckuswireless:smartzone:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2023-02-13 20:15

Updated : 2023-02-23 16:26

NVD link : CVE-2023-25717

Mitre link : CVE-2023-25717

CVE.ORG link : CVE-2023-25717

JSON object : View

Products Affected

ruckuswireless

  • r720
  • r700
  • t710s
  • r850
  • r750
  • r600
  • h350
  • r550
  • e510
  • r510
  • r710
  • sz100
  • r300
  • p300
  • t350se
  • zd1100
  • r730
  • t310n
  • q910
  • r610
  • t310s
  • r320
  • t811-cm
  • t310c
  • t350d
  • q410
  • t811-cm\(non-spf\)
  • h320
  • r350
  • zd1200
  • sz-144
  • m510
  • ruckus_wireless_admin
  • h550
  • r560
  • h510
  • zd5000
  • h500
  • t504
  • t301s
  • r760
  • r310
  • zd1000
  • t301n
  • t310d
  • smartzone
  • sz-144-federal
  • r650
  • t350c
  • zd3000
  • sz300-federal
  • r500
  • t610
  • t710
  • t300
  • smartzone_ap
  • t750
  • q710
  • sz300
  • m510-jp
  • t750se
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')