Remote Code Execution in Ruckus Wireless Admin Product
CVE-2023-25717
Key Information:
- Vendor
Ruckuswireless
- Vendor
- CVE Published:
- 13 February 2023
Badges
What is CVE-2023-25717?
The Ruckus Wireless Admin product (version 10.4 or earlier) is susceptible to a Remote Code Execution vulnerability that can be exploited via an unauthenticated HTTP GET request. This vulnerability allows an attacker to execute arbitrary code by manipulating the login parameters through a crafted URL, potentially compromising the entire system without requiring credentials. As demonstrated in various proof-of-concept attacks, the flaw can be leveraged to gain unauthorized access and control over the affected application, emphasizing the need for immediate patching and security measures.
CISA has reported CVE-2023-25717
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2023-25717 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply updates per vendor instructions or disconnect product if it is end-of-life.
News Articles
prophaze.comCVE-2023-25717CVE-2023-25717 : RUCKUS WIRELESS ADMIN UP TO 10.4 HTTP GET REQUEST /FORMS/DOLOGIN REMOTE CODE EXECUTION - Cloud WAF
CVE-2023-25717 : Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.
References
EPSS Score
94% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 📰
First article discovered by prophaze.com
- 👾
Exploit known to exist
- 🦅
CISA Reported
Vulnerability published
Vulnerability Reserved