CVE-2020-22653
https://notcve.org/view.php?id=CVE-2020-22653
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to exploit the official image signature to force injection of an unauthorized image signature. • https://support.ruckuswireless.com/security_bulletins/302 https://hdhrmi.blogspot.com/2020/03/multiple-vulnerabilities-in-ruckus.html?m=1
CVE-2020-21161
https://notcve.org/view.php?id=CVE-2020-21161
Cross Site Scripting (XSS) vulnerability in Ruckus Wireless ZoneDirector 9.8.3.0. • http://ruckus.com http://zonedirector.com https://dollahibrahim.blogspot.com/2019/11/cross-site-scripting-on-ruckus.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19839
https://notcve.org/view.php?id=CVE-2019-19839
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute. • https://alephsecurity.com/2020/01/14/ruckus-wireless https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html https://www.ruckuswireless.com/security/299/view/txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-19838
https://notcve.org/view.php?id=CVE-2019-19838
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute. • https://alephsecurity.com/2020/01/14/ruckus-wireless https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html https://www.ruckuswireless.com/security/299/view/txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-19835
https://notcve.org/view.php?id=CVE-2019-19835
SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote denial of service via the server attribute to the tools/_rcmdstat.jsp URI. • https://alephsecurity.com/2020/01/14/ruckus-wireless https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html https://www.ruckuswireless.com/security/299/view/txt • CWE-918: Server-Side Request Forgery (SSRF)