PT-2020-13780 · Ruckus Wireless · R320+24

Published

2020-07-28

Updated

2021-07-21

CVE-2020-13919

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ruckus Wireless Unleashed versions through 200.7.10.102.92

Description The issue allows a remote attacker to achieve command injection via a crafted HTTP request. This affects various Ruckus Wireless devices, including C110, E510, H320, H510, M510, R320, R310, R500, R510, R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s.

Recommendations For Ruckus Wireless Unleashed versions through 200.7.10.102.92, consider restricting access to the HTTP endpoint to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2020-13919

Affected Products

C110

E510

H320

H510

M510

R310

R320

R500

R510

R600

R610

R710

R720

R750

Ruckus Wireless Unleashed

T300

T301N

T301S

T310C

T310D

T310N

T310S

T610

T710

T710S

PT-2020-13780 · Ruckus Wireless · R320+24

CVE-2020-13919

Weakness Enumeration

Related Identifiers

Affected Products

References · 3