CVE-2023-25717
CRITICAL | CISA KEV | 9.8
Description
Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.
CVE Details
CVSS v3.1 Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 2/13/2023
Last Modified: 11/3/2025
Source: kev
Honeypot Sightings: 0
CISA KEV
Vendor: Ruckus Wireless
Product: Multiple Products
Vulnerability Name: Multiple Ruckus Wireless Products CSRF and RCE Vulnerability
KEV Date Added: 2023-05-12
Remediation Due Date: 2023-06-02
Ransomware Use: Unknown
Affected Products
commscope:ruckus_smartzone_firmware
ruckuswireless:e510
ruckuswireless:h320
ruckuswireless:h350
ruckuswireless:h500
ruckuswireless:h510
ruckuswireless:h550
ruckuswireless:m510
ruckuswireless:m510-jp
ruckuswireless:p300
ruckuswireless:q410
ruckuswireless:q710
ruckuswireless:q910
ruckuswireless:r300
ruckuswireless:r310
ruckuswireless:r320
ruckuswireless:r350
ruckuswireless:r500
ruckuswireless:r510
ruckuswireless:r550
ruckuswireless:r560
ruckuswireless:r600
ruckuswireless:r610
ruckuswireless:r650
ruckuswireless:r700
ruckuswireless:r710
ruckuswireless:r720
ruckuswireless:r730
ruckuswireless:r750
ruckuswireless:r760
ruckuswireless:r850
ruckuswireless:ruckus_wireless_admin
ruckuswireless:smartzone_ap
ruckuswireless:sz-144
ruckuswireless:sz-144-federal
ruckuswireless:sz100
ruckuswireless:sz300
ruckuswireless:sz300-federal
ruckuswireless:t300
ruckuswireless:t301n
ruckuswireless:t301s
ruckuswireless:t310c
ruckuswireless:t310d
ruckuswireless:t310n
ruckuswireless:t310s
ruckuswireless:t350c
ruckuswireless:t350d
ruckuswireless:t350se
ruckuswireless:t504
ruckuswireless:t610
ruckuswireless:t710
ruckuswireless:t710s
ruckuswireless:t750
ruckuswireless:t750se
ruckuswireless:t811-cm
ruckuswireless:t811-cm\(non-spf\)
ruckuswireless:zd1000
ruckuswireless:zd1100
ruckuswireless:zd1200
ruckuswireless:zd3000
ruckuswireless:zd5000
Weaknesses (CWE)
CWE-94
References
https://cybir.com/2023/cve/proof-of-concept-ruckus-wireless-admin-10-4-unauthenticated-remote-code-execution-csrf-ssrf/ (cve@mitre.org)
https://support.ruckuswireless.com/security_bulletins/315 (cve@mitre.org)
https://cybir.com/2023/cve/proof-of-concept-ruckus-wireless-admin-10-4-unauthenticated-remote-code-execution-csrf-ssrf/ (af854a3a-2127-422b-91ae-364da2661108)
https://support.ruckuswireless.com/security_bulletins/315 (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-25717 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.