9

CVE-2017-6229

Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and Ruckus Networks Zone Director firmware releases 10.1.0.0.x, 9.10.2.0.x, 9.12.3.0.x, 9.13.3.0.x, 10.0.1.0.x or before contain authenticated Root Command Injection in the CLI that could allow authenticated valid users to execute privileged commands on the respective systems.

Data is provided by the National Vulnerability Database (NVD)
RuckuswirelessR500 Firmware Version < 200.6.10.1.0
   RuckuswirelessR500 Version-
RuckuswirelessR600 Firmware Version < 200.6.10.1.0
   RuckuswirelessR600 Version-
RuckuswirelessR310 Firmware Version < 200.6.10.1.0
   RuckuswirelessR310 Version-
RuckuswirelessH320 Firmware Version < 200.6.10.1.0
   RuckuswirelessH320 Version-
RuckuswirelessH510 Firmware Version < 200.6.10.1.0
   RuckuswirelessH510 Version-
RuckuswirelessR710 Firmware Version < 200.6.10.1.0
   RuckuswirelessR710 Version-
RuckuswirelessR720 Firmware Version < 200.6.10.1.0
   RuckuswirelessR720 Version-
RuckuswirelessT300 Firmware Version < 200.6.10.1.0
   RuckuswirelessT300 Version-
RuckuswirelessT301 Firmware Version < 200.6.10.1.0
   RuckuswirelessT301 Version-
RuckuswirelessT300e Firmware Version < 200.6.10.1.0
   RuckuswirelessT300e Version-
RuckuswirelessT610 Firmware Version < 200.6.10.1.0
   RuckuswirelessT610 Version-
RuckuswirelessT710 Firmware Version < 200.6.10.1.0
   RuckuswirelessT710 Version-
RuckuswirelessR510 Firmware Version < 200.6.10.1.0
   RuckuswirelessR510 Version-
RuckuswirelessZonedirector 1200 Firmware Version >= 9.10.2.0.11 <= 9.10.2.0.53
   RuckuswirelessZonedirector 1200 Version-
RuckuswirelessZonedirector 1200 Firmware Version >= 9.12.3.0.28 <= 9.12.3.0.83
   RuckuswirelessZonedirector 1200 Version-
RuckuswirelessZonedirector 1200 Firmware Version >= 9.13.3.0.22 <= 9.13.3.0.145
   RuckuswirelessZonedirector 1200 Version-
RuckuswirelessZonedirector 1200 Firmware Version >= 10.0.1.0.17 <= 10.0.1.0.44
   RuckuswirelessZonedirector 1200 Version-
RuckuswirelessZonedirector 1200 Firmware Version10.1.0.0.1515
   RuckuswirelessZonedirector 1200 Version-
RuckuswirelessZonedirector 3000 Firmware Version >= 9.10.2.0.11 <= 9.10.2.0.53
   RuckuswirelessZonedirector 3000 Version-
RuckuswirelessZonedirector 3000 Firmware Version >= 9.12.3.0.28 <= 9.12.3.0.83
   RuckuswirelessZonedirector 3000 Version-
RuckuswirelessZonedirector 3000 Firmware Version >= 9.13.3.0.22 <= 9.13.3.0.145
   RuckuswirelessZonedirector 3000 Version-
RuckuswirelessZonedirector 3000 Firmware Version >= 10.0.1.0.17 <= 10.0.1.0.44
   RuckuswirelessZonedirector 3000 Version-
RuckuswirelessZonedirector 3000 Firmware Version10.1.0.0.1515
   RuckuswirelessZonedirector 3000 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 5.29% 0.896
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 9 8 10
AV:N/AC:L/Au:S/C:C/I:C/A:C
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.