Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Unleashed Security Vulnerabilities

cve
cve

CVE-2019-19834

Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with ../../../bin/sh as the parameter.

7.2CVSS

7.4AI Score

0.008EPSS

2020-01-22 07:15 PM
40
cve
cve

CVE-2019-19835

SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote denial of service via the server attribute to the tools/_rcmdstat.jsp URI.

7.5CVSS

7.8AI Score

0.004EPSS

2020-01-23 01:15 PM
26
cve
cve

CVE-2019-19836

AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote code execution via a POST request that uses tools/_rcmdstat.jsp to write to a specified filename.

9.8CVSS

9.7AI Score

0.048EPSS

2020-01-22 07:15 PM
37
cve
cve

CVE-2019-19837

Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests.

5.3CVSS

6.1AI Score

0.002EPSS

2020-01-23 01:15 PM
28
cve
cve

CVE-2019-19838

emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute.

9.8CVSS

9.5AI Score

0.014EPSS

2020-01-23 03:15 PM
28
cve
cve

CVE-2019-19839

emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute.

9.8CVSS

9.5AI Score

0.014EPSS

2020-01-23 03:15 PM
25
cve
cve

CVE-2019-19840

A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruckus Unleashed through 200.7.10.102.64 allows remote code execution via an unauthenticated HTTP request.

9.8CVSS

10AI Score

0.033EPSS

2020-01-22 09:15 PM
46
cve
cve

CVE-2019-19841

emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=packet-capture to admin/_cmdstat.jsp via the mac attribute.

9.8CVSS

9.5AI Score

0.014EPSS

2020-01-22 09:15 PM
44
cve
cve

CVE-2019-19842

emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/_cmdstat.jsp via the mac attribute.

9.8CVSS

9.5AI Score

0.014EPSS

2020-01-22 09:15 PM
45
cve
cve

CVE-2019-19843

Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache.

9.8CVSS

9.5AI Score

0.003EPSS

2020-01-22 07:15 PM
37