CVE-2019-19839

Опубликовано: 23 янв. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute.

Ссылки

https://alephsecurity.com/2020/01/14/ruckus-wireless
Exploit
Technical Description
Third Party Advisory
https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html
Third Party Advisory
https://www.ruckuswireless.com/security/299/view/txt
Vendor Advisory
https://alephsecurity.com/2020/01/14/ruckus-wireless
Exploit
Technical Description
Third Party Advisory
https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html
Third Party Advisory
https://www.ruckuswireless.com/security/299/view/txt
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:ruckuswireless:unleashed:*:*:*:*:*:*:*:*

Версия до 200.7.10.202.94 (исключая)

Одно из

cpe:2.3:h:ruckuswireless:c110:-:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:e510:-:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:h320:-:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:h510:-:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:m510:-:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:r310:-:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:r320:-:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:r510:-:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:r610:-:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:r710:-:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:r720:-:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:t310:-:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:t610:-:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:t710:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

Одно из