CVE-2019-19841

Name of the Vulnerable Software and Affected Versions Ruckus Wireless Unleashed versions 200.7.10.102.64 and earlier

Description The issue allows remote attackers to execute OS commands via a POST request with the attribute xcmd=packet-capture to "admin/ cmdstat.jsp" via the mac attribute. This enables attackers to potentially gain unauthorized access and control over the system.

Recommendations For versions 200.7.10.102.64 and earlier, consider restricting access to the "admin/ cmdstat.jsp" endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the xcmd attribute with the value packet-capture in POST requests to this endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.