PT-2020-10249 · Ruckus Wireless · Ruckus Wireless Unleashed

Waveburst

Published

2020-01-22

Updated

2020-01-23

CVE-2019-19834

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ruckus Wireless Unleashed versions through 200.7.10.102.64

Description The issue allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with ../../../bin/sh as the parameter. This enables the attacker to execute system commands, potentially leading to unauthorized access and control.

Recommendations For versions through 200.7.10.102.64, consider restricting access to the enable->debug->script->exec sequence to minimize the risk of exploitation. Avoid using the ../../../bin/sh parameter in the affected CLI until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2019-19834

Affected Products

Ruckus Wireless Unleashed

PT-2020-10249 · Ruckus Wireless · Ruckus Wireless Unleashed

CVE-2019-19834

Weakness Enumeration

Related Identifiers

Affected Products

References · 6