PT-2020-13778 · Ruckus Wireless · R320+24

Published

2020-07-28

Updated

2021-07-21

CVE-2020-13917

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ruckus Wireless Unleashed versions through 200.7.10.92

Description The issue allows a remote attacker to achieve command injection and jailbreak the CLI via a crafted CLI command, affecting various Ruckus Wireless devices including C110, E510, H320, H510, M510, R320, R310, R500, R510, R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s.

Recommendations For versions through 200.7.10.92, consider restricting access to the rkscli to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using crafted CLI commands that could lead to command injection.

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2020-13917

Affected Products

C110

E510

H320

H510

M510

R310

R320

R500

R510

R600

R610

R710

R720

R750

Ruckus Wireless Unleashed

T300

T301N

T301S

T310C

T310D

T310N

T310S

T610

T710

T710S

PT-2020-13778 · Ruckus Wireless · R320+24

CVE-2020-13917

Weakness Enumeration

Related Identifiers

Affected Products

References · 3