XSS Vulnerability in Ruckus Wireless Unleashed Products
CVE-2020-13913

6.1MEDIUM

Key Information:

Vendor: Ruckuswireless
Status: Unleashed Firmware
Vendor: CVE Published:; 28 July 2020

Summary

A cross-site scripting (XSS) vulnerability in Ruckus Wireless Unleashed software allows an unauthenticated remote attacker to execute arbitrary JavaScript code. This is done through a crafted HTTP request targeting specific Ruckus devices. The extensive list of affected devices could potentially expose networks to multiple security risks, emphasizing the importance of timely patching and network monitoring to mitigate threats.

References

https://support.ruckuswireless.com/security_bulletins/304

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 28, 2020
Vulnerability Reserved
Jun 7, 2020