
exploitDog

CVE-2023-25717

Published: 13 Feb 2023
Source: nvd
CVSS3: 9.8
EPSS Critical

Description

Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.

Vulnerable configurations

Configuration 1

All of

One of

cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*
Versions up to 10.4 (inclusive)
cpe:2.3:o:ruckuswireless:smartzone_ap:*:*:*:*:*:*:*:*
Versions up to 6.1.0.0.9240 (exclusive)

One of

cpe:2.3:h:ruckuswireless:e510:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:h320:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:h350:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:h510:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:h550:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:m510:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r310:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r320:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r350:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r510:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r550:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r610:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r650:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r710:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r720:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r730:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r750:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r760:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r850:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:sz-144:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:sz100:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:sz300:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t310c:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t310d:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t310n:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t310s:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t350c:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t350d:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t350se:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t610:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t710:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t710s:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t750:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t750se:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t811-cm:-:*:*:*:*:*:*:*
Configuration 2

All of

One of

cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*
Versions up to 10.4 (inclusive)
cpe:2.3:o:ruckuswireless:smartzone_ap:*:*:*:*:*:*:*:*
Versions up to 5.2.2.0.2064 (exclusive)

One of

cpe:2.3:h:ruckuswireless:e510:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:h320:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:h510:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:m510:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r310:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r320:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r500:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r510:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r550:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r600:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r610:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r650:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r710:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r720:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r730:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r750:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r850:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t300:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t301n:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t301s:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t310c:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t310d:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t310n:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t310s:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t504:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t610:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t710:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t710s:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t750:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t750se:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t811-cm:-:*:*:*:*:*:*:*
Configuration 3

All of

One of

cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*
Versions up to 10.4 (inclusive)
cpe:2.3:o:ruckuswireless:smartzone_ap:*:*:*:*:*:*:*:*
Versions up to 3.6.2.0.795 (exclusive)

One of

cpe:2.3:h:ruckuswireless:h500:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r300:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r700:-:*:*:*:*:*:*:*
Configuration 4

All of

One of

cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*
Versions up to 10.4 (inclusive)
cpe:2.3:o:ruckuswireless:smartzone_ap:*:*:*:*:*:*:*:*
Versions up to 6.1.1.0.1274 (exclusive)
cpe:2.3:h:ruckuswireless:r560:-:*:*:*:*:*:*:*
Configuration 5

All of

One of

cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*
Versions up to 10.4 (inclusive)
cpe:2.3:o:commscope:ruckus_smartzone_firmware:*:*:*:*:*:*:*:*
Versions up to 5.2.1.3 (exclusive)

One of

cpe:2.3:h:ruckuswireless:sz-144:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:sz300:-:*:*:*:*:*:*:*
Configuration 6

All of

One of

cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*
Versions up to 10.4 (inclusive)
cpe:2.3:o:commscope:ruckus_smartzone_firmware:6.1.0.0.935:*:*:*:*:*:*:*

One of

cpe:2.3:h:ruckuswireless:sz-144:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:sz100:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:sz300:-:*:*:*:*:*:*:*
Configuration 7

All of

cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*
Versions up to 10.4 (inclusive)

One of

cpe:2.3:h:ruckuswireless:m510-jp:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:p300:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:q410:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:q710:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:q910:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t811-cm\(non-spf\):-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:zd1000:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:zd1100:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:zd1200:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:zd3000:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:zd5000:-:*:*:*:*:*:*:*
Configuration 8

All of

One of

cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*
Versions up to 10.4 (inclusive)
cpe:2.3:o:commscope:ruckus_smartzone_firmware:*:*:*:*:*:*:*:*
Versions up to 5.2.1.3.1695 (exclusive)

One of

cpe:2.3:h:ruckuswireless:sz-144-federal:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:sz300-federal:-:*:*:*:*:*:*:*

EPSS

Percentile: 100%
0.94239
Critical

CVSS3: 9.8 Critical

Weaknesses

CWE-94

Related vulnerabilities

CVSS3: 9.8
github
almost 3 years ago

Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.

CVSS3: 9.8
fstec
almost 3 years ago

Vulnerability in the Ruckus Wireless Admin administration panel of Ruckus Wireless network devices that allows an attacker to execute arbitrary code
