CVE-2019-19836

Exploit

EPSS 2.4%
Veröffentlicht 22.01.2020 19:15:12
Zuletzt bearbeitet 21.11.2024 04:35:29
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote code execution via a POST request that uses tools/_rcmdstat.jsp to write to a specified filename.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ruckuswireless ≫ Unleashed Version < 200.7.10.202.94

   Ruckuswireless ≫ C110 Version-
   Ruckuswireless ≫ E510 Version-
   Ruckuswireless ≫ H320 Version-
   Ruckuswireless ≫ H510 Version-
   Ruckuswireless ≫ M510 Version-
   Ruckuswireless ≫ R310 Version-
   Ruckuswireless ≫ R320 Version-
   Ruckuswireless ≫ R510 Version-
   Ruckuswireless ≫ R610 Version-
   Ruckuswireless ≫ R710 Version-
   Ruckuswireless ≫ R720 Version-
   Ruckuswireless ≫ T310 Version-
   Ruckuswireless ≫ T610 Version-
   Ruckuswireless ≫ T710 Version-

Ruckuswireless ≫ Zonedirector 1200 Firmware Version < 9.10.2.0.84

Ruckuswireless ≫ Zonedirector 1200 Version-

Ruckuswireless ≫ Zonedirector 1200 Firmware Version >= 9.12.0 < 9.12.3.0.136

Ruckuswireless ≫ Zonedirector 1200 Version-

Ruckuswireless ≫ Zonedirector 1200 Firmware Version >= 9.13.0 < 10.0.1.0.90

Ruckuswireless ≫ Zonedirector 1200 Version-

Ruckuswireless ≫ Zonedirector 1200 Firmware Version >= 10.1.0 < 10.1.2.0.275

Ruckuswireless ≫ Zonedirector 1200 Version-

Ruckuswireless ≫ Zonedirector 1200 Firmware Version >= 10.2.0 < 10.2.1.0.147

Ruckuswireless ≫ Zonedirector 1200 Version-

Ruckuswireless ≫ Zonedirector 1200 Firmware Version >= 10.3.0 < 10.3.1.0.21

Ruckuswireless ≫ Zonedirector 1200 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.4%	0.844

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://alephsecurity.com/2020/01/14/ruckus-wireless

Third Party Advisory

Exploit

Technical Description

https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html

Third Party Advisory

https://www.ruckuswireless.com/security/299/view/txt

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-19836

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-19836

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-19836

EUVD