Lucene search

[email protected]CVE-2021-36630

HistoryJan 18, 2023 - 1:15 p.m.

CVE-2021-36630

2023-01-1813:15:12

CWE-770

[email protected]

web.nvd.nist.gov

cve

2021

36630

ddos

reflection

amplification

vulnerability

eaut module

ruckus wireless

smartzone controller

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.8%

JSON

DDOS reflection amplification vulnerability in eAut module of Ruckus Wireless SmartZone controller that allows remote attackers to perform DOS attacks via crafted request.

Affected configurations

NVD

Node

ruckuswirelesssz-300Match-

AND

ruckuswirelesssz-300_firmwareRange≤3.6.2

Node

ruckuswirelesssz-144Match-

AND

ruckuswirelesssz-144_firmwareRange≤3.6.2

Node

ruckuswirelesssz-100Match-

AND

ruckuswirelesssz-100_firmwareRange≤3.6.2

Node

ruckuswirelessvszMatch-

AND

ruckuswirelessvsz_firmwareRange≤3.6.2

CPENameOperatorVersion
ruckuswireless:sz-300_firmwareruckuswireless sz-300 firmwarele3.6.2

CPE	Name	Operator	Version
ruckuswireless:sz-300_firmware	ruckuswireless sz-300 firmware	le	3.6.2

References

ruckus.com

smartzone-100.com

anquan.baidu.com/article/1434

github.com/lixiang957/CVE-2021-36630

www.commscope.com/globalassets/digizuite/921070-faq-security-advisory-id-20210719-v1-0.pdf

www.freebuf.com/articles/web/260338.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.8%

JSON

Related for CVE-2021-36630

cvelist1 prion1 nvd1