CVE-2020-8438

Name of the Vulnerable Software and Affected Versions Ruckus ZoneFlex R500 version 104.0.0.0.1347

Description The issue allows an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form. This can be demonstrated by using the nslookuptarget parameter with a substring like |cat${IFS}.

Recommendations For Ruckus ZoneFlex R500 version 104.0.0.0.1347, as a temporary workaround, consider restricting access to the /forms/nslookupHandler form until a patch is available. Avoid using the nslookuptarget parameter in the affected form until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.