Command Injection Vulnerability in Ruckus Wireless Devices
CVE-2020-13919

9.8CRITICAL

Key Information:

Vendor: Ruckuswireless
Status: Unleashed Firmware
Vendor: CVE Published:; 28 July 2020

Summary

The emfd/libemf component in Ruckus Wireless Unleashed systems is susceptible to command injection attacks due to improper handling of HTTP requests. This vulnerability can allow a remote attacker to execute arbitrary commands on vulnerable devices. Affected versions include those running through 200.7.10.102.92, impacting a wide range of models including C110, E510, and several others. It's crucial for network administrators to apply the latest security updates to mitigate the risk associated with this vulnerability.

References

https://support.ruckuswireless.com/security_bulletins/304

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 28, 2020
Vulnerability Reserved
Jun 7, 2020