Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-6229

Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and Ruckus Networks Zone Director firmware releases 10.1.0.0.x, 9.10.2.0.x, 9.12.3.0.x, 9.13.3.0.x, 10.0.1.0.x or before contain authenticated Root Command Injection in the CLI that could allow authenticated valid users to execute privileged commands on the respective systems.

Published

2018-02-14T19:29:00.213

Last Modified

2024-11-21T03:29:18.477

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	ruckuswireless	r500_firmware	< 200.6.10.1.0	Yes
Hardware	ruckuswireless	r500	-	No
Operating System	ruckuswireless	r600_firmware	< 200.6.10.1.0	Yes
Hardware	ruckuswireless	r600	-	No
Operating System	ruckuswireless	r310_firmware	< 200.6.10.1.0	Yes
Hardware	ruckuswireless	r310	-	No
Operating System	ruckuswireless	h320_firmware	< 200.6.10.1.0	Yes
Hardware	ruckuswireless	h320	-	No
Operating System	ruckuswireless	h510_firmware	< 200.6.10.1.0	Yes
Hardware	ruckuswireless	h510	-	No
Operating System	ruckuswireless	r710_firmware	< 200.6.10.1.0	Yes
Hardware	ruckuswireless	r710	-	No
Operating System	ruckuswireless	r720_firmware	< 200.6.10.1.0	Yes
Hardware	ruckuswireless	r720	-	No
Operating System	ruckuswireless	t300_firmware	< 200.6.10.1.0	Yes
Hardware	ruckuswireless	t300	-	No
Operating System	ruckuswireless	t301_firmware	< 200.6.10.1.0	Yes
Hardware	ruckuswireless	t301	-	No
Operating System	ruckuswireless	t300e_firmware	< 200.6.10.1.0	Yes
Hardware	ruckuswireless	t300e	-	No
Operating System	ruckuswireless	t610_firmware	< 200.6.10.1.0	Yes
Hardware	ruckuswireless	t610	-	No
Operating System	ruckuswireless	t710_firmware	< 200.6.10.1.0	Yes
Operating System	ruckuswireless	t710	-	No
Operating System	ruckuswireless	r510_firmware	< 200.6.10.1.0	Yes
Hardware	ruckuswireless	r510	-	No
Operating System	ruckuswireless	zonedirector_1200_firmware	≤ 9.10.2.0.53	Yes
Operating System	ruckuswireless	zonedirector_1200_firmware	≤ 9.12.3.0.83	Yes
Operating System	ruckuswireless	zonedirector_1200_firmware	≤ 9.13.3.0.145	Yes
Operating System	ruckuswireless	zonedirector_1200_firmware	≤ 10.0.1.0.44	Yes
Operating System	ruckuswireless	zonedirector_1200_firmware	10.1.0.0.1515	Yes
Hardware	ruckuswireless	zonedirector_1200	-	No
Operating System	ruckuswireless	zonedirector_3000_firmware	≤ 9.10.2.0.53	Yes
Operating System	ruckuswireless	zonedirector_3000_firmware	≤ 9.12.3.0.83	Yes
Operating System	ruckuswireless	zonedirector_3000_firmware	≤ 9.13.3.0.145	Yes
Operating System	ruckuswireless	zonedirector_3000_firmware	≤ 10.0.1.0.44	Yes
Operating System	ruckuswireless	zonedirector_3000_firmware	10.1.0.0.1515	Yes
Hardware	ruckuswireless	zonedirector_3000	-	No

References

https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-20180202-v1.0.txt Vendor Advisory ([email protected])
https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-20180202-v1.0.txt Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)