30 matches found
CVE-2020-7234
Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the SSID field on the Configuration Radio 2.4G Wireless X screen after a successful login to the super account...
EUVD-2020-29305
Malware in sbrugna...
EUVD-2013-4872
Malware in sbrugna...
EUVD-2020-28362
Malware in sbrugna...
CVE-2020-8438
Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat$IFS substring...
CommScope Ruckus ZoneFlex R500 Cross-Site Request Forgery Vulnerability
CommScope Ruckus ZoneFlex R500 is a wireless access point product from CommScope, Inc. A cross-site request forgery vulnerability exists in the login.asp page in the CommScope Ruckus ZoneFlex R500. An attacker could exploit this vulnerability to perform a crawl or other analysis with the SUBCA-1...
CommScope Ruckus ZoneFlex R500 Cross-Site Scripting Vulnerability
CommScope Ruckus ZoneFlex R500 is a wireless access point product from CommScope, Inc. A cross-site scripting vulnerability exists in CommScope Ruckus ZoneFlex R500 version 3.4.2.0.384. No details of the vulnerability are provided at this time...
CommScope Ruckus ZoneFlex R500 login.asp Page Cross-Site Request Forgery Vulnerability
CommScope Ruckus ZoneFlex R500 is a wireless access point product from CommScope, Inc. A cross-site request forgery vulnerability exists in the login.asp page on the CommScope Ruckus ZoneFlex R500 version 3.4.2.0.384, which originates from the program failing to properly validate user input. A...
Ruckus ZoneFlex R500 OS Command Execution Vulnerability
The Ruckus ZoneFlex is a Wi-Fi access point. A security vulnerability in the Ruckus ZoneFlex R500 /forms/nslookupHandler form processing parameter allows remote attackers to exploit the vulnerability to submit a special request that can execute arbitrary OS commands...
CVE-2020-8438
Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat$IFS substring...
CVE-2020-8438
Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat$IFS substring...
Design/Logic Flaw
Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat$IFS substring...
CVE-2020-8438
Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat$IFS substring...
CVE-2020-8438
The CVE-2020-8438 entry concerns Ruckus ZoneFlex R500 devices (reported as version 104.0.0.0.1347) where an authenticated attacker can execute arbitrary OS commands through the hidden /forms/nslookupHandler form, demonstrated by the nslookuptarget=|cat${IFS} payload. The connected documents provi...
CVE-2020-7234
Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the SSID field on the Configuration Radio 2.4G Wireless X screen after a successful login to the super account...
CVE-2020-7234
Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the SSID field on the Configuration Radio 2.4G Wireless X screen after a successful login to the super account...
Cross site scripting
Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the SSID field on the Configuration Radio 2.4G Wireless X screen after a successful login to the super account...
CVE-2020-7234
Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the SSID field on the Configuration Radio 2.4G Wireless X screen after a successful login to the super account...
CVE-2020-7234
CVE-2020-7234 affects Ruckus ZoneFlex R310 devices (version 104.0.0.0.1347). It is a Stored XSS vulnerability triggered in the SSID field on the Wireless X screen after logging in to a super account, arising from lack of proper input validation in the web app. Exploitation is described as client-...
Ruckus ZoneFlex R310 Cross-Site Scripting Vulnerability
The Ruckus ZoneFlex R310 is an indoor 802.11ac Wi-Fi access point. A cross-site scripting vulnerability exists in the Ruckus ZoneFlex R310 version 104.0.0.0.1347, which stems from a lack of proper validation of client data by the WEB application and can be exploited by an attacker to execute...