PT-2020-13776 · Ruckus Wireless · R320+25

Published

2020-07-28

Updated

2021-07-21

CVE-2020-13915

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Ruckus Wireless Unleashed versions 200.7.10.102.92 and earlier

Description Insecure permissions in emfd/libemf allow a remote attacker to overwrite admin credentials via an unauthenticated crafted HTTP request. This issue affects various Ruckus Wireless Unleashed devices, including C110, E510, H320, H510, M510, R320, R310, R500, R510, R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s.

Recommendations For Ruckus Wireless Unleashed versions 200.7.10.102.92 and earlier, consider disabling the emfd/libemf component until a patch is available to prevent the overwriting of admin credentials via crafted HTTP requests. Restrict access to the affected devices to minimize the risk of exploitation.

Fix

Incorrect Permission

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732CWE-522

Related Identifiers

CVE-2020-13915

Affected Products

C110

E510

H320

H510

M510

R310

R320

R500

R510

R600

R610

R710

R720

R750

Ruckus Wireless Unleashed

T300

T301N

T301S

T310C

T310D

T310N

T310S

T610

T710

T710S

Emfd/Libemf

PT-2020-13776 · Ruckus Wireless · R320+25

CVE-2020-13915

Weakness Enumeration

Related Identifiers

Affected Products

References · 4