1 results (0.001 seconds)
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1
CVE-2020-8438
https://notcve.org/view.php?id=CVE-2020-8438
Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat${IFS} substring. Los dispositivos Ruckus ZoneFlex R500 versión 104.0.0.0.1347, permiten a un atacante autenticado ejecutar comandos arbitrarios del sistema operativo por medio del formulario oculto de /forms/nslookupHandler, como es demostrado por la subcadena nslookuptarget=|cat${IFS}. • https://sku11army.blogspot.com/2020/01/ruckus-rce-ruckus-m500-via-injection-on.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •