Lucene search

MitreCVE-2020-13913

HistoryJul 28, 2020 - 3:15 p.m.

CVE-2020-13913

2020-07-2815:15:11

CWE-79

mitre

web.nvd.nist.gov

cve-2020-13913

xss

emfd

ruckus wireless unleashed

security vulnerability

remote attacker

javascript code

http request

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

0.002

Percentile

61.5%

JSON

An XSS issue in emfd in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to execute JavaScript code via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices.

Affected configurations

Nvd

Node

ruckuswirelessc110Match-

ruckuswirelesse510Match-

ruckuswirelessh320Match-

ruckuswirelessh510Match-

ruckuswirelessm510Match-

ruckuswirelessr310Match-

ruckuswirelessr320Match-

ruckuswirelessr500Match-

ruckuswirelessr510Match-

ruckuswirelessr600Match-

ruckuswirelessr610Match-

ruckuswirelessr710Match-

ruckuswirelessr720Match-

ruckuswirelessr750Match-

ruckuswirelesst300Match-

ruckuswirelesst301nMatch-

ruckuswirelesst301sMatch-

ruckuswirelesst310cMatch-

ruckuswirelesst310dMatch-

ruckuswirelesst310nMatch-

ruckuswirelesst310sMatch-

ruckuswirelesst610Match-

ruckuswirelesst710Match-

ruckuswirelesst710sMatch-

AND

ruckuswirelessunleashed_firmwareRange≤200.7.10.102.92

VendorProductVersionCPE
ruckuswirelessc110-cpe:2.3:h:ruckuswireless:c110:-:*:*:*:*:*:*:*
ruckuswirelesse510-cpe:2.3:h:ruckuswireless:e510:-:*:*:*:*:*:*:*
ruckuswirelessh320-cpe:2.3:h:ruckuswireless:h320:-:*:*:*:*:*:*:*
ruckuswirelessh510-cpe:2.3:h:ruckuswireless:h510:-:*:*:*:*:*:*:*
ruckuswirelessm510-cpe:2.3:h:ruckuswireless:m510:-:*:*:*:*:*:*:*
ruckuswirelessr310-cpe:2.3:h:ruckuswireless:r310:-:*:*:*:*:*:*:*
ruckuswirelessr320-cpe:2.3:h:ruckuswireless:r320:-:*:*:*:*:*:*:*
ruckuswirelessr500-cpe:2.3:h:ruckuswireless:r500:-:*:*:*:*:*:*:*
ruckuswirelessr510-cpe:2.3:h:ruckuswireless:r510:-:*:*:*:*:*:*:*
ruckuswirelessr600-cpe:2.3:h:ruckuswireless:r600:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ruckuswireless	c110	-	cpe:2.3:h:ruckuswireless:c110:-:::::::*
ruckuswireless	e510	-	cpe:2.3:h:ruckuswireless:e510:-:::::::*
ruckuswireless	h320	-	cpe:2.3:h:ruckuswireless:h320:-:::::::*
ruckuswireless	h510	-	cpe:2.3:h:ruckuswireless:h510:-:::::::*
ruckuswireless	m510	-	cpe:2.3:h:ruckuswireless:m510:-:::::::*
ruckuswireless	r310	-	cpe:2.3:h:ruckuswireless:r310:-:::::::*
ruckuswireless	r320	-	cpe:2.3:h:ruckuswireless:r320:-:::::::*
ruckuswireless	r500	-	cpe:2.3:h:ruckuswireless:r500:-:::::::*
ruckuswireless	r510	-	cpe:2.3:h:ruckuswireless:r510:-:::::::*
ruckuswireless	r600	-	cpe:2.3:h:ruckuswireless:r600:-:::::::*

Rows per page:

1-10 of 251

References

support.ruckuswireless.com/security_bulletins/304

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

0.002

Percentile

61.5%

JSON

Related for CVE-2020-13913