CVE-2020-13915
https://notcve.org/view.php?id=CVE-2020-13915
Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow a remote attacker to overwrite admin credentials via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices. Los permisos no seguros en emfd/libemf en Ruckus Wireless Unleashed versiones hasta 200.7.10.102.92, permiten a un atacante remoto sobrescribir las credenciales de administrador por medio de una petición HTTP no autenticada. Esto afecta a los dispositivos C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, y T710 • https://support.ruckuswireless.com/security_bulletins/304 • CWE-522: Insufficiently Protected Credentials CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2020-13914
https://notcve.org/view.php?id=CVE-2020-13914
webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to cause a denial of service (Segmentation fault) to the webserver via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices. webs en Ruckus Wireless Unleashed versiones hasta 200.7.10.102.92 permite a un atacante remoto causar una denegación de servicio (error de segmentación) en el servidor web por medio de una petición HTTP no autenticada. Esto afecta a los dispositivos C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, y T710 • https://support.ruckuswireless.com/security_bulletins/304 •
CVE-2020-13913
https://notcve.org/view.php?id=CVE-2020-13913
An XSS issue in emfd in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to execute JavaScript code via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices. Un problema de tipo XSS en emfd en Ruckus Wireless Unleashed versiones hasta 200.7.10.102.92, permite a un atacante remoto ejecutar código JavaScript por medio de una petición HTTP no autenticada. Esto afecta a los dispositivos C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, y T710 • https://support.ruckuswireless.com/security_bulletins/304 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-19839
https://notcve.org/view.php?id=CVE-2019-19839
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute. emfd en Ruckus Wireless Unleashed versiones hasta 200.7.10.102.64, permite a atacantes remotos ejecutar comandos del Sistema Operativo por medio de una petición POST con el atributo xcmd=import-category en el archivo admin/_cmdstat.jsp mediante el atributo uploadFile. • https://alephsecurity.com/2020/01/14/ruckus-wireless https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html https://www.ruckuswireless.com/security/299/view/txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2019-19838
https://notcve.org/view.php?id=CVE-2019-19838
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute. emfd en Ruckus Wireless Unleashed versiones hasta 200.7.10.102.64, permite a atacantes remotos ejecutar comandos del Sistema Operativo por medio de una petición POST con el atributo xcmd=get-platform-depends en el archivo admin/_cmdstat.jsp mediante el atributo uploadFile. • https://alephsecurity.com/2020/01/14/ruckus-wireless https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html https://www.ruckuswireless.com/security/299/view/txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •