Vulnerability Monitor

CVE-2017-6224


Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x (less than 10.0.1.0.17 MR1 release) and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x contain OS Command Injection vulnerabilities that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system by appending those commands in the Common Name field in the Certificate Generation Request.


Published

2017-10-13T17:29:01.160

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

  • Type: Primary, CWE-78

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | ruckuswireless | zonedirector_firmware | zd9.9.0.0.205 | Yes |
| Operating System | ruckuswireless | zonedirector_firmware | zd9.9.0.0.212 | Yes |
| Operating System | ruckuswireless | zonedirector_firmware | zd9.9.0.0.216 | Yes |
| Operating System | ruckuswireless | zonedirector_firmware | zd9.10.0.0.218 | Yes |
| Operating System | ruckuswireless | zonedirector_firmware | zd9.13.0.0.103 | Yes |
| Operating System | ruckuswireless | zonedirector_firmware | zd9.13.0.0.209 | Yes |
| Hardware | ruckuswireless | zonedirector | - | No |
| Operating System | ruckuswireless | unleashed_firmware | 200.1 | Yes |
| Operating System | ruckuswireless | unleashed_firmware | 200.1.9.12.55 | Yes |
| Operating System | ruckuswireless | unleashed_firmware | 200.3 | Yes |
| Operating System | ruckuswireless | unleashed_firmware | 200.3.9.13.228 | Yes |
| Operating System | ruckuswireless | unleashed_firmware | 200.4.9.13 | Yes |
| Operating System | ruckuswireless | unleashed_firmware | 200.4.9.13.47 | Yes |
| Hardware | ruckuswireless | unleashed | - | No |

References