Search Results (Refine Search)
- CPE Product Version: cpe:/o:ruckuswireless:zonedirector_1200_firmware:-
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-19839 |
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute. Published: January 23, 2020; 10:15:13 AM -0500 |
V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2019-19838 |
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute. Published: January 23, 2020; 10:15:13 AM -0500 |
V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2019-19837 |
Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests. Published: January 23, 2020; 8:15:12 AM -0500 |
V3.1: 5.3 MEDIUM V2.0: 7.8 HIGH |
CVE-2019-19835 |
SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote denial of service via the server attribute to the tools/_rcmdstat.jsp URI. Published: January 23, 2020; 8:15:11 AM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-19842 |
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/_cmdstat.jsp via the mac attribute. Published: January 22, 2020; 4:15:10 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2019-19841 |
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=packet-capture to admin/_cmdstat.jsp via the mac attribute. Published: January 22, 2020; 4:15:10 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2019-19840 |
A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruckus Unleashed through 200.7.10.102.64 allows remote code execution via an unauthenticated HTTP request. Published: January 22, 2020; 4:15:10 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-19843 |
Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache. Published: January 22, 2020; 2:15:12 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-19836 |
AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote code execution via a POST request that uses tools/_rcmdstat.jsp to write to a specified filename. Published: January 22, 2020; 2:15:12 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-19834 |
Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with ../../../bin/sh as the parameter. Published: January 22, 2020; 2:15:12 PM -0500 |
V3.1: 7.2 HIGH V2.0: 6.5 MEDIUM |