CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0CVE-2020-13914
https://notcve.org/view.php?id=CVE-2020-13914
webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to cause a denial of service (Segmentation fault) to the webserver via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices. webs en Ruckus Wireless Unleashed versiones hasta 200.7.10.102.92 permite a un atacante remoto causar una denegación de servicio (error de segmentación) en el servidor web por medio de una petición HTTP no autenticada. Esto afecta a los dispositivos C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, y T710 • https://support.ruckuswireless.com/security_bulletins/304 •
CVSS: 6.1EPSS: 0%CPEs: 25EXPL: 0CVE-2020-13913
https://notcve.org/view.php?id=CVE-2020-13913
An XSS issue in emfd in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to execute JavaScript code via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices. Un problema de tipo XSS en emfd en Ruckus Wireless Unleashed versiones hasta 200.7.10.102.92, permite a un atacante remoto ejecutar código JavaScript por medio de una petición HTTP no autenticada. Esto afecta a los dispositivos C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, y T710 • https://support.ruckuswireless.com/security_bulletins/304 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 14EXPL: 0CVE-2017-6224
https://notcve.org/view.php?id=CVE-2017-6224
Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x (less than 10.0.1.0.17 MR1 release) and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x. contain OS Command Injection vulnerabilities that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system by appending those commands in the Common Name field in the Certificate Generation Request. Ruckus Wireless Zone Director Controller en distribuciones de firmware ZD10.0.0.x, ZD10.0.1.x (anteriores a la distribución 10.0.1.0.17 MR1) y Ruckus Wireless Unleashed AP Firmware, distribuciones 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x., contienen vulnerabilidades de inyección de comandos del sistema operativo que podrían permitir que usuarios locales autenticados ejecuten comandos arbitrarios con privilegios en el sistema operativo subyacente anexando esos comandos en el campo Common Name en Certificate Generation Request. • https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-092917.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •