CVE-2020-8438

2020-01-2922:06:30

mitre

www.cve.org

7.4 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.6%

JSON

Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat${IFS} substring.

References

sku11army.blogspot.com/2020/01/ruckus-rce-ruckus-m500-via-injection-on.html