CVE-2023-49225
https://notcve.org/view.php?id=CVE-2023-49225
A cross-site scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). If this vulnerability is exploited, an arbitrary script may be executed in the web browser of the user who is logging in to the product. For the affected products, models and versions, see the information provided by the vendor listed under the [References] section or the list under the [Product Status] section.
• https://jvn.jp/en/jp/JVN45891816
• https://support.ruckuswireless.com/security_bulletins/323
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-25717 – Multiple Ruckus Wireless Products CSRF and RCE Vulnerability
https://notcve.org/view.php?id=CVE-2023-25717
Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring. Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can perform cross-site request forgery (CSRF) or remote code execution (RCE). This vulnerability impacts Ruckus ZoneDirector, SmartZone, and Solo APs.
• https://cybir.com/2023/cve/proof-of-concept-ruckus-wireless-admin-10-4-unauthenticated-remote-code-execution-csrf-ssrf
• https://support.ruckuswireless.com/security_bulletins/315
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2017-6230
https://notcve.org/view.php?id=CVE-2017-6230
Ruckus Networks Solo APs firmware releases R110.x or before and Ruckus Networks SZ managed APs firmware releases R5.x or before contain authenticated Root Command Injection in the web-GUI that could allow authenticated valid users to execute privileged commands on the respective systems.
• https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-20180202-v1.0.txt
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')