CVE-2023-25717

Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*
cpe:2.3:o:ruckuswireless:smartzone_ap:*:*:*:*:*:*:*:*
OR cpe:2.3:h:ruckuswireless:e510:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:h320:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:h350:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:h510:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:h550:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:m510:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r310:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r320:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r350:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r510:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r550:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r610:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r650:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r710:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r720:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r730:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r750:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r760:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r850:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:sz-144:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:sz100:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:sz300:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t310c:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t310d:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t310n:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t310s:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t350c:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t350d:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t350se:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t610:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t710:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t710s:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t750:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t750se:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t811-cm:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*
cpe:2.3:o:ruckuswireless:smartzone_ap:*:*:*:*:*:*:*:*
OR cpe:2.3:h:ruckuswireless:e510:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:h320:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:h510:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:m510:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r310:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r320:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r500:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r510:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r550:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r600:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r610:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r650:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r710:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r720:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r730:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r750:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r850:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t300:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t301n:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t301s:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t310c:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t310d:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t310n:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t310s:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t504:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t610:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t710:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t710s:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t750:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t750se:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t811-cm:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*
cpe:2.3:o:ruckuswireless:smartzone_ap:*:*:*:*:*:*:*:*
OR cpe:2.3:h:ruckuswireless:h500:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r300:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r700:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*
cpe:2.3:o:ruckuswireless:smartzone_ap:*:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r560:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*
cpe:2.3:o:ruckuswireless:smartzone:*:*:*:*:*:*:*:*
OR cpe:2.3:h:ruckuswireless:sz-144:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:sz300:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*
cpe:2.3:o:ruckuswireless:smartzone:6.1.0.0.935:*:*:*:*:*:*:*
OR cpe:2.3:h:ruckuswireless:sz-144:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:sz100:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:sz300:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*
OR cpe:2.3:h:ruckuswireless:m510-jp:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:p300:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:q410:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:q710:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:q910:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t811-cm\(non-spf\):-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:zd1000:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:zd1100:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:zd1200:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:zd3000:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:zd5000:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
OR cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*
cpe:2.3:o:ruckuswireless:smartzone:*:*:*:*:*:*:*:*
OR cpe:2.3:h:ruckuswireless:sz-144-federal:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:sz300-federal:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:49

Type Values Removed Values Added
References () https://cybir.com/2023/cve/proof-of-concept-ruckus-wireless-admin-10-4-unauthenticated-remote-code-execution-csrf-ssrf/ - Exploit, Third Party Advisory () https://cybir.com/2023/cve/proof-of-concept-ruckus-wireless-admin-10-4-unauthenticated-remote-code-execution-csrf-ssrf/ - Exploit, Third Party Advisory
References () https://support.ruckuswireless.com/security_bulletins/315 - Patch, Product, Vendor Advisory () https://support.ruckuswireless.com/security_bulletins/315 - Patch, Product, Vendor Advisory
Summary
  • (es) Ruckus Wireless Admin hasta la versión 10.4 permite la ejecución remota de código a través de una solicitud HTTP GET no autenticada, como lo demuestra /forms/doLogin?login_username=admin&password=password$(curl substring.

Information

Published : 2023-02-13 20:15

Updated : 2024-11-21 07:49


NVD link : CVE-2023-25717

Mitre link : CVE-2023-25717

CVE.ORG link : CVE-2023-25717


JSON object : View

Products Affected

ruckuswireless

  • q410
  • smartzone_ap
  • sz300
  • m510-jp
  • sz-144-federal
  • smartzone
  • p300
  • r710
  • t750se
  • zd1100
  • t310c
  • sz-144
  • t301n
  • t710s
  • t350se
  • t350c
  • t811-cm
  • r750
  • q710
  • e510
  • r550
  • t310d
  • sz100
  • t310s
  • t610
  • t300
  • t750
  • r320
  • r760
  • r700
  • m510
  • h510
  • t504
  • r560
  • t301s
  • r650
  • t350d
  • sz300-federal
  • zd3000
  • r730
  • r850
  • t710
  • h550
  • r720
  • ruckus_wireless_admin
  • r510
  • zd5000
  • t310n
  • h320
  • r500
  • r310
  • r600
  • r300
  • h350
  • r610
  • q910
  • zd1000
  • zd1200
  • r350
  • t811-cm\(non-spf\)
  • h500
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')