DDoS Reflection Amplification Vulnerability in Ruckus Wireless SmartZone Controller
CVE-2021-36630

7.5HIGH

Key Information:

Vendor: Ruckuswireless
Status: Sz-300 Firmware
Vendor: CVE Published:; 18 January 2023

Badges

👾 Exploit Exists🟣 EPSS 12%

Summary

A vulnerability exists in the eAut module of the Ruckus Wireless SmartZone controller that can be exploited by attackers to perform DDoS reflection amplification attacks. This vulnerability allows remote adversaries to send specially crafted requests that overwhelm the system, leading to a denial of service. Exploiting this flaw can degrade service availability and disrupt network operations.

References

http://ruckus.com

https://www.freebuf.com/articles/web/260338.html

http://smartzone-100.com

EPSS Score

12% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 18, 2023
🟡
Public PoC available
Jan 15, 2023
👾
Exploit known to exist
Jan 15, 2023
Vulnerability Reserved
Jul 12, 2021