CVE-2023-25717 – Multiple Ruckus Wireless Products CSRF and RCE Vulnerability
https://notcve.org/view.php?id=CVE-2023-25717
Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring. Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can perform cross-site request forgery (CSRF) or remote code execution (RCE). This vulnerability impacts Ruckus ZoneDirector, SmartZone, and Solo APs.
• https://cybir.com/2023/cve/proof-of-concept-ruckus-wireless-admin-10-4-unauthenticated-remote-code-execution-csrf-ssrf
• https://support.ruckuswireless.com/security_bulletins/315
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2021-36630
https://notcve.org/view.php?id=CVE-2021-36630
A DDoS reflection amplification vulnerability in the eAut module of the Ruckus Wireless SmartZone controller allows remote attackers to perform DoS attacks via a crafted request.
• https://github.com/lixiang957/CVE-2021-36630
• http://ruckus.com
• http://smartzone-100.com
• https://anquan.baidu.com/article/1434
• https://www.commscope.com/globalassets/digizuite/921070-faq-security-advisory-id-20210719-v1-0.pdf
• https://www.freebuf.com/articles/web/260338.html
• CWE-770: Allocation of Resources Without Limits or Throttling