Lucene search

MitreCVE-2020-13915

HistoryJul 28, 2020 - 3:15 p.m.

CVE-2020-13915

2020-07-2815:15:11

CWE-522

CWE-732

mitre

web.nvd.nist.gov

cve-2020-13915

insecure permissions

ruckus wireless unleashed

remote attacker

admin credentials

vulnerability

nvd

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.5

Confidence

High

EPSS

0.006

Percentile

77.9%

JSON

Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow a remote attacker to overwrite admin credentials via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices.

Affected configurations

Nvd

Node

ruckuswirelessunleashed_firmwareRange≤200.7.10.102.92

AND

ruckuswirelessc110Match-

ruckuswirelesse510Match-

ruckuswirelessh320Match-

ruckuswirelessh510Match-

ruckuswirelessm510Match-

ruckuswirelessr310Match-

ruckuswirelessr320Match-

ruckuswirelessr500Match-

ruckuswirelessr510Match-

ruckuswirelessr600Match-

ruckuswirelessr610Match-

ruckuswirelessr710Match-

ruckuswirelessr720Match-

ruckuswirelessr750Match-

ruckuswirelesst300Match-

ruckuswirelesst301nMatch-

ruckuswirelesst301sMatch-

ruckuswirelesst310cMatch-

ruckuswirelesst310dMatch-

ruckuswirelesst310nMatch-

ruckuswirelesst310sMatch-

ruckuswirelesst610Match-

ruckuswirelesst710Match-

ruckuswirelesst710sMatch-

VendorProductVersionCPE
ruckuswirelessunleashed_firmware*cpe:2.3:o:ruckuswireless:unleashed_firmware:*:*:*:*:*:*:*:*
ruckuswirelessc110-cpe:2.3:h:ruckuswireless:c110:-:*:*:*:*:*:*:*
ruckuswirelesse510-cpe:2.3:h:ruckuswireless:e510:-:*:*:*:*:*:*:*
ruckuswirelessh320-cpe:2.3:h:ruckuswireless:h320:-:*:*:*:*:*:*:*
ruckuswirelessh510-cpe:2.3:h:ruckuswireless:h510:-:*:*:*:*:*:*:*
ruckuswirelessm510-cpe:2.3:h:ruckuswireless:m510:-:*:*:*:*:*:*:*
ruckuswirelessr310-cpe:2.3:h:ruckuswireless:r310:-:*:*:*:*:*:*:*
ruckuswirelessr320-cpe:2.3:h:ruckuswireless:r320:-:*:*:*:*:*:*:*
ruckuswirelessr500-cpe:2.3:h:ruckuswireless:r500:-:*:*:*:*:*:*:*
ruckuswirelessr510-cpe:2.3:h:ruckuswireless:r510:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ruckuswireless	unleashed_firmware	*	cpe:2.3:o:ruckuswireless:unleashed_firmware::::::::
ruckuswireless	c110	-	cpe:2.3:h:ruckuswireless:c110:-:::::::*
ruckuswireless	e510	-	cpe:2.3:h:ruckuswireless:e510:-:::::::*
ruckuswireless	h320	-	cpe:2.3:h:ruckuswireless:h320:-:::::::*
ruckuswireless	h510	-	cpe:2.3:h:ruckuswireless:h510:-:::::::*
ruckuswireless	m510	-	cpe:2.3:h:ruckuswireless:m510:-:::::::*
ruckuswireless	r310	-	cpe:2.3:h:ruckuswireless:r310:-:::::::*
ruckuswireless	r320	-	cpe:2.3:h:ruckuswireless:r320:-:::::::*
ruckuswireless	r500	-	cpe:2.3:h:ruckuswireless:r500:-:::::::*
ruckuswireless	r510	-	cpe:2.3:h:ruckuswireless:r510:-:::::::*

Rows per page:

1-10 of 251

References

support.ruckuswireless.com/security_bulletins/304

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.5

Confidence

High

EPSS

0.006

Percentile

77.9%

JSON

Related for CVE-2020-13915