2 results (0.007 seconds)

CVSS: 6.1EPSS: 0%CPEs: 76EXPL: 0

A cross-site-scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in the product. As for the affected products/models/versions, see the information provided by the vendor listed under [References] section or the list under [Product Status] section. Existe una vulnerabilidad de Cross-Site-Scripting en los productos Ruckus Access Point (ZoneDirector, SmartZone y AP Solo). Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que inicia sesión en el producto. • https://jvn.jp/en/jp/JVN45891816 https://support.ruckuswireless.com/security_bulletins/323 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.3EPSS: 0%CPEs: 14EXPL: 0

Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x (less than 10.0.1.0.17 MR1 release) and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x. contain OS Command Injection vulnerabilities that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system by appending those commands in the Common Name field in the Certificate Generation Request. Ruckus Wireless Zone Director Controller en distribuciones de firmware ZD10.0.0.x, ZD10.0.1.x (anteriores a la distribución 10.0.1.0.17 MR1) y Ruckus Wireless Unleashed AP Firmware, distribuciones 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x., contienen vulnerabilidades de inyección de comandos del sistema operativo que podrían permitir que usuarios locales autenticados ejecuten comandos arbitrarios con privilegios en el sistema operativo subyacente anexando esos comandos en el campo Common Name en Certificate Generation Request. • https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-092917.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •