Incorrect Access Control in Ruckus Wireless Unleashed Web Interface
CVE-2019-19837

5.3MEDIUM

Key Information:

Vendor

Ruckuswireless

Status
Unleashed
Vendor
CVE Published:
23 January 2020

What is CVE-2019-19837?

The web interface of Ruckus Wireless Unleashed versions up to 200.7.10.102.64 is susceptible to an access control weakness that permits remote attackers to disclose information from the server. By crafting specific HTTP requests, unauthorized users can retrieve sensitive configuration files such as bin/web.conf, potentially compromising the security and integrity of the system's configuration. This vulnerability highlights the importance of proper access control measures in preventing unauthorized information access.

References

https://fahrplan.events.ccc.de/congress/2019/Fahrplan/eve...
x_refsource_MISC
https://www.ruckuswireless.com/security/299/view/txt
x_refsource_MISC
https://alephsecurity.com/2020/01/14/ruckus-wireless
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.