CVE-2023-25717

CVSS 9.8 (Critical) · EPSS 95.1% · KEV · CWE-94
In short

Ruckus Wireless Admin before version 10.5 allows attackers to execute arbitrary code on the server without needing to log in, simply by sending a specially crafted web request. This is critical because it gives complete control of the network device to any attacker on the internet.

Technical detail

An unauthenticated remote attacker can achieve arbitrary code execution via an HTTP GET request to the /forms/doLogin endpoint by injecting shell commands into the login_username or password parameter. The vulnerability stems from improper input validation of those parameters (code injection, CWE-94), allowing OS-level command execution without authentication.
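As an added defensive example (not part of this CVE record), the following checks web-server access logs for GET requests to /forms/doLogin whose login_username or password value carries shell metacharacters such as the `$(` substitution shown in the official description. The log format, the sample lines and the metacharacter list are assumptions; tune both to the logs you actually collect.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Shell substitution/chaining characters that have no place in a login value
# (assumed heuristic list; extend it for your environment).
SHELL_META = re.compile(r"\$\(|\$\{|`|;|\||&|\n")
# Request field of a common-log-format line: "GET /path?query HTTP/1.1"
REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')
WATCHED_PATH = "/forms/doLogin"
WATCHED_PARAMS = ("login_username", "password")

def suspicious_params(target: str) -> dict:
    """Return {param: decoded_value} for watched params containing shell metacharacters."""
    url = urlsplit(target)
    if url.path != WATCHED_PATH:
        return {}
    hits = {}
    # keep_blank_values so an empty password is still inspected; decode a second
    # time so a double percent-encoded value is not missed.
    for name, values in parse_qs(url.query, keep_blank_values=True).items():
        if name not in WATCHED_PARAMS:
            continue
        for v in values:
            decoded = unquote_plus(v)
            if SHELL_META.search(decoded):
                hits[name] = decoded
    return hits

def scan_log(lines):
    """Return (client_ip, param, value) for every suspicious doLogin GET in the log."""
    findings = []
    for line in lines:
        m = REQ_RE.search(line)
        if not m or m.group("method") != "GET":
            continue
        ip = line.split(" ", 1)[0]
        for param, value in suspicious_params(m.group("target")).items():
            findings.append((ip, param, value))
    return findings

# Constructed sample log lines (not real traffic); the third is double-encoded.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /forms/doLogin?login_username=admin&password=Secret1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /forms/doLogin?login_username=admin&password=password%24%28id%29 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /forms/doLogin?login_username=admin%253Bid&password=x HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2024:10:00:12 +0000] "GET /index.html?password=%24%28id%29 HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, param, value in scan_log(SAMPLE_LOG):
        print(f"{ip}: shell metacharacters in {param}={value!r}")
```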

Summary generated and translated by AI from the official description.

Official description

Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
