Lucene search

MitreCVE-2019-19837

HistoryJan 23, 2020 - 1:15 p.m.

CVE-2019-19837

2020-01-2313:15:12

mitre

web.nvd.nist.gov

cve

2019

19837

web interface

ruckus wireless

unleashed

access control

information disclosure

http requests

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.1

Confidence

High

EPSS

0.002

Percentile

59.1%

JSON

Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests.

Affected configurations

Nvd

Node

ruckuswirelessunleashedRange<200.7.10.202.94

AND

ruckuswirelessc110Match-

ruckuswirelesse510Match-

ruckuswirelessh320Match-

ruckuswirelessh510Match-

ruckuswirelessm510Match-

ruckuswirelessr310Match-

ruckuswirelessr320Match-

ruckuswirelessr510Match-

ruckuswirelessr610Match-

ruckuswirelessr710Match-

ruckuswirelessr720Match-

ruckuswirelesst310Match-

ruckuswirelesst610Match-

ruckuswirelesst710Match-

Node

ruckuswirelesszonedirector_1200_firmwareRange<9.10.2.0.84

ruckuswirelesszonedirector_1200_firmwareRange9.12.0–9.12.3.0.136

ruckuswirelesszonedirector_1200_firmwareRange9.13.0–10.0.1.0.90

ruckuswirelesszonedirector_1200_firmwareRange10.1.0–10.1.2.0.275

ruckuswirelesszonedirector_1200_firmwareRange10.2.0–10.2.1.0.147

ruckuswirelesszonedirector_1200_firmwareRange10.3.0–10.3.1.0.21

AND

ruckuswirelesszonedirector_1200Match-

VendorProductVersionCPE
ruckuswirelessunleashed*cpe:2.3:o:ruckuswireless:unleashed:*:*:*:*:*:*:*:*
ruckuswirelessc110-cpe:2.3:h:ruckuswireless:c110:-:*:*:*:*:*:*:*
ruckuswirelesse510-cpe:2.3:h:ruckuswireless:e510:-:*:*:*:*:*:*:*
ruckuswirelessh320-cpe:2.3:h:ruckuswireless:h320:-:*:*:*:*:*:*:*
ruckuswirelessh510-cpe:2.3:h:ruckuswireless:h510:-:*:*:*:*:*:*:*
ruckuswirelessm510-cpe:2.3:h:ruckuswireless:m510:-:*:*:*:*:*:*:*
ruckuswirelessr310-cpe:2.3:h:ruckuswireless:r310:-:*:*:*:*:*:*:*
ruckuswirelessr320-cpe:2.3:h:ruckuswireless:r320:-:*:*:*:*:*:*:*
ruckuswirelessr510-cpe:2.3:h:ruckuswireless:r510:-:*:*:*:*:*:*:*
ruckuswirelessr610-cpe:2.3:h:ruckuswireless:r610:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ruckuswireless	unleashed	*	cpe:2.3:o:ruckuswireless:unleashed::::::::
ruckuswireless	c110	-	cpe:2.3:h:ruckuswireless:c110:-:::::::*
ruckuswireless	e510	-	cpe:2.3:h:ruckuswireless:e510:-:::::::*
ruckuswireless	h320	-	cpe:2.3:h:ruckuswireless:h320:-:::::::*
ruckuswireless	h510	-	cpe:2.3:h:ruckuswireless:h510:-:::::::*
ruckuswireless	m510	-	cpe:2.3:h:ruckuswireless:m510:-:::::::*
ruckuswireless	r310	-	cpe:2.3:h:ruckuswireless:r310:-:::::::*
ruckuswireless	r320	-	cpe:2.3:h:ruckuswireless:r320:-:::::::*
ruckuswireless	r510	-	cpe:2.3:h:ruckuswireless:r510:-:::::::*
ruckuswireless	r610	-	cpe:2.3:h:ruckuswireless:r610:-:::::::*

Rows per page:

1-10 of 171

References

alephsecurity.com/2020/01/14/ruckus-wireless

fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html

www.ruckuswireless.com/security/299/view/txt

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.1

Confidence

High

EPSS

0.002

Percentile

59.1%

JSON

Related for CVE-2019-19837