Ruckuswireless

Zonedirector 1200 Firmware

21 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
10

CVE-2019-19839

Exploit
  • EPSS 4.27%
  • Published 23.01.2020 15:15:13
  • Last modified 21.11.2024 04:35:30

emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute.

10

CVE-2019-19838

Exploit
  • EPSS 23.3%
  • Published 23.01.2020 15:15:13
  • Last modified 21.11.2024 04:35:29

emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute.

7.8

CVE-2019-19837

Exploit
  • EPSS 1.21%
  • Published 23.01.2020 13:15:12
  • Last modified 21.11.2024 04:35:29

Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests.

7.5

CVE-2019-19835

Exploit
  • EPSS 1.33%
  • Published 23.01.2020 13:15:11
  • Last modified 21.11.2024 04:35:29

SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote denial of service via the server attribute to the tools/_rcmdstat.jsp URI.

10

CVE-2019-19842

Exploit
  • EPSS 6.7%
  • Published 22.01.2020 21:15:10
  • Last modified 21.11.2024 04:35:30

emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/_cmdstat.jsp via the mac attribute.

10

CVE-2019-19841

Exploit
  • EPSS 4.27%
  • Published 22.01.2020 21:15:10
  • Last modified 21.11.2024 04:35:30

emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=packet-capture to admin/_cmdstat.jsp via the mac attribute.

9.8

CVE-2019-19840

Exploit
  • EPSS 21.7%
  • Published 22.01.2020 21:15:10
  • Last modified 21.11.2024 04:35:30

A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruckus Unleashed through 200.7.10.102.64 allows remote code execution via an unauthenticated HTTP request.

9.8

CVE-2019-19843

Exploit
  • EPSS 0.65%
  • Published 22.01.2020 19:15:12
  • Last modified 21.11.2024 04:35:30

Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache.

9.8

CVE-2019-19836

Exploit
  • EPSS 2.4%
  • Published 22.01.2020 19:15:12
  • Last modified 21.11.2024 04:35:29

AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote code execution via a POST request that uses tools/_rcmdstat.jsp to write to a specified filename.

7.2

CVE-2019-19834

Exploit
  • EPSS 1.34%
  • Published 22.01.2020 19:15:12
  • Last modified 21.11.2024 04:35:29

Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with ../../../bin/sh as the parameter.