DDoS Reflection Amplification Vulnerability in Ruckus Wireless SmartZone Controller
CVE-2021-36630

7.5HIGH

Key Information:

Vendor: Ruckuswireless
Status: Sz-300 Firmware
Vendor: CVE Published:; 18 January 2023

🔔 Create Ruckuswireless Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2021-36630?

A vulnerability exists in the eAut module of the Ruckus Wireless SmartZone controller that can be exploited by attackers to perform DDoS reflection amplification attacks. This vulnerability allows remote adversaries to send specially crafted requests that overwhelm the system, leading to a denial of service. Exploiting this flaw can degrade service availability and disrupt network operations.

References

http://ruckus.com

https://www.freebuf.com/articles/web/260338.html

http://smartzone-100.com

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 18, 2023
🟡
Public PoC available
Jan 15, 2023
👾
Exploit known to exist
Jan 15, 2023
Vulnerability Reserved
Jul 12, 2021

CVE-2021-36630 Data

JSON