[CVE-2023-25717] Multiple Ruckus Wireless Products CSRF and RCE Vulnerability

SecurityDesk
2023.05.12 00:00 Views 9

CISA KEV Information

Vulnerability name: Multiple Ruckus Wireless Products CSRF and RCE Vulnerability
Description: Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can perform cross-site request forgery (CSRF) or remote code execution (RCE). This vulnerability impacts Ruckus ZoneDirector, SmartZone, and Solo APs.
Required action: Apply updates per vendor instructions or disconnect product if it is end-of-life.
Known ransomware campaign use: Unknown
CWE: CWE-94
Date added (KEV): 2023-05-12
Due date: 2023-06-02
Additional notes: https://support.ruckuswireless.com/security_bulletins/315; https://nvd.nist.gov/vuln/detail/CVE-2023-25717

NVD Details

CVSS v3.1: 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Description: Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.

CWE: CWE-94

This product uses the NVD API but is not endorsed or certified by the NVD.


