Home
MEDIUM: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:NMEDIUM: 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NDefault status
unaffected
Any version
affected
Default status
affected
Any version
affected
Default status
affected
Any version
affected
Default status
affected
Any version
affected
Default status
affected
Any version
affected
Default status
affected
Any version
affected
Default status
affected
Any version
affected
Default status
affected
Any version
affected
Description
Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line interface that allows authenticated remote attackers with administrative privileges to read arbitrary files from the underlying filesystem. Attackers can exploit this vulnerability to access sensitive information including configuration files, credentials, and system data stored on the device.
Problem types
CWE-552 Files or Directories Accessible to External Parties
Product status
Any version
Any version
Any version
Any version
Any version
Any version
Any version
Any version
References
support.ruckuswireless.com/security_bulletins/306 (Ruckus Security Bulletin 20210108)
www.vulncheck.com/...allows-authenticated-remote-file-access