CVE-2019-19836

2020-01-2218:13:49

mitre

www.cve.org

9.8 High

AI Score

Confidence

High

0.048 Low

EPSS

Percentile

92.8%

JSON

AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote code execution via a POST request that uses tools/_rcmdstat.jsp to write to a specified filename.

References

alephsecurity.com/2020/01/14/ruckus-wireless

fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html

www.ruckuswireless.com/security/299/view/txt