CVE-2020-13913

Name of the Vulnerable Software and Affected Versions Ruckus Wireless Unleashed versions 200.7.10.102.92 and earlier

Description A remote attacker can execute JavaScript code via an unauthenticated crafted HTTP request due to an XSS issue in emfd. This affects various Ruckus Wireless Unleashed devices, including C110, E510, H320, H510, M510, R320, R310, R500, R510, R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s.

Recommendations For versions 200.7.10.102.92 and earlier, consider disabling the emfd service until a patch is available to prevent exploitation of the XSS issue. Restrict access to the affected devices to minimize the risk of exploitation. Avoid using the affected devices for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.