Unleashed@* Security Vulnerabilities and Issues — Unleashed@* CVE List

Lucene search

RuckuswirelessUnleashed*

10 matches found

CVE•added 2020/01/22 9:15 p.m.•59 views

CVE-2019-19841

emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=packet-capture to admin/_cmdstat.jsp via the mac attribute.

10CVSS9.5AI score0.04274EPSS

CVE•added 2020/01/22 9:15 p.m.•58 views

CVE-2019-19840

A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruckus Unleashed through 200.7.10.102.64 allows remote code execution via an unauthenticated HTTP request.

9.8CVSS10AI score0.21704EPSS

CVE•added 2020/01/22 7:15 p.m.•54 views

CVE-2019-19834

Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with ../../../bin/sh as the parameter.

7.2CVSS7.4AI score0.01338EPSS

CVE•added 2020/01/22 9:15 p.m.•54 views

CVE-2019-19842

emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/_cmdstat.jsp via the mac attribute.

10CVSS9.5AI score0.06696EPSS

CVE•added 2020/01/22 7:15 p.m.•51 views

CVE-2019-19836

AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote code execution via a POST request that uses tools/_rcmdstat.jsp to write to a specified filename.

9.8CVSS9.7AI score0.02398EPSS

CVE•added 2020/01/22 7:15 p.m.•48 views

CVE-2019-19843

Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache.

9.8CVSS9.5AI score0.00646EPSS

CVE•added 2020/01/23 1:15 p.m.•45 views

CVE-2019-19837

Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests.

7.8CVSS6.1AI score0.01208EPSS

CVE•added 2020/01/23 3:15 p.m.•44 views

CVE-2019-19838

emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute.

10CVSS9.5AI score0.23295EPSS

CVE•added 2020/01/23 1:15 p.m.•42 views

CVE-2019-19835

SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote denial of service via the server attribute to the tools/_rcmdstat.jsp URI.

7.5CVSS7.8AI score0.01326EPSS

CVE•added 2020/01/23 3:15 p.m.•36 views

CVE-2019-19839

emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute.

10CVSS9.5AI score0.04274EPSS