Waveburst

**Name of the Vulnerable Software and Affected Versions** Ruckus Wireless Unleashed versions through 200.7.10.102.64 **Description** The issue is related to incorrect access control in the web interface, allowing remote information disclosure of bin/web.conf via HTTP requests. **Recommendations** For versions through 200.7.10.102.64, consider restricting access to the web interface until a fix is available. As a temporary workaround, limit HTTP requests to the vulnerable web interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ruckus Wireless Unleashed versions through 200.7.10.102.64 **Description** The issue allows remote attackers to execute OS commands. This can be achieved by sending a POST request with the attribute `xcmd=import-category` to "admin/ cmdstat.jsp" via the `uploadFile` attribute. **Recommendations** For versions through 200.7.10.102.64, as a temporary workaround, consider restricting access to the "admin/ cmdstat.jsp" endpoint to minimize the risk of exploitation. Avoid using the `uploadFile` attribute in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ruckus Wireless Unleashed versions through 200.7.10.102.64 **Description** The issue allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with `../../../bin/sh` as the parameter. This enables the attacker to execute system commands, potentially leading to unauthorized access and control. **Recommendations** For versions through 200.7.10.102.64, consider restricting access to the `enable->debug->script->exec` sequence to minimize the risk of exploitation. Avoid using the `../../../bin/sh` parameter in the affected CLI until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ruckus Unleashed versions through 200.7.10.102.64 **Description** A stack-based buffer overflow in `zap parse args` in `zap.c` allows remote code execution via an unauthenticated HTTP request. **Recommendations** For versions through 200.7.10.102.64, update to a version that fixes the issue in `zap parse args` to prevent remote code execution. As a temporary workaround, consider restricting access to the `zap` module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ruckus Wireless Unleashed versions through 200.7.10.102.64 **Description** The issue allows remote attackers to execute OS commands. This can be achieved by sending a POST request with the attribute `xcmd=spectra-analysis` to the "admin/ cmdstat.jsp" endpoint via the `mac` attribute. **Recommendations** For versions through 200.7.10.102.64, consider restricting access to the "admin/ cmdstat.jsp" endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the `xcmd` attribute with the value `spectra-analysis` in the POST request until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.