Description
Ruckus Unleashed contains a remote code execution vulnerability in the web-based management interface that allows authenticated remote attackers to execute arbitrary code on the system when gateway mode is enabled. Attackers can exploit this vulnerability by sending specially crafted requests through the management interface to achieve arbitrary code execution on affected systems.
Problem types
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Product status
unknown (custom)
unknown (custom)
unknown (custom)
unknown (custom)
unknown (custom)
unknown (custom)
unknown (custom)
unknown (custom)
unknown (custom)
unknown (custom)
unknown (custom)
unknown (custom)
unknown (custom)
unknown (custom)
unknown (custom)
unknown (custom)
unknown (custom)
unknown (custom)
unknown (custom)
unknown (custom)
unknown (custom)
unknown (custom)
unknown (custom)
unknown (custom)
unknown (custom)
unknown (custom)
unknown (custom)
unknown (custom)
unknown (custom)
unknown (custom)
References
support.ruckuswireless.com/security_bulletins/320 (Ruckus Security Bulletin 20230731)
www.vulncheck.com/...ashed-authenticated-rce-in-gateway-mode