PT-2020-10255 · Ruckus · Ruckus Unleashed

Gal Zror +1 · Published 2020-01-22 · Updated 2020-01-27 · CVE-2019-19840

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Ruckus Unleashed versions through 200.7.10.102.64

Description: A stack-based buffer overflow in zap_parse_args in zap.c allows remote code execution via an unauthenticated HTTP request.

Recommendations: For versions through 200.7.10.102.64, update to a version that fixes the issue in zap_parse_args to prevent remote code execution. As a temporary workaround, consider restricting access to the zap module to minimize the risk of exploitation.

Exploit

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2019-19840

Affected Products

Ruckus Unleashed