Remote Code Execution in Ruckus Wireless Admin Product
CVE-2023-25717
Key Information:
- Vendor
- Ruckuswireless
- Vendor
- CVE Published:
- 13 February 2023
Badges
Summary
The Ruckus Wireless Admin product (version 10.4 or earlier) is susceptible to a Remote Code Execution vulnerability that can be exploited via an unauthenticated HTTP GET request. This vulnerability allows an attacker to execute arbitrary code by manipulating the login parameters through a crafted URL, potentially compromising the entire system without requiring credentials. As demonstrated in various proof-of-concept attacks, the flaw can be leveraged to gain unauthorized access and control over the affected application, emphasizing the need for immediate patching and security measures.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply updates per vendor instructions or disconnect product if it is end-of-life.
News Articles
prophaze.comCVE-2023-25717CVE-2023-25717 : RUCKUS WIRELESS ADMIN UP TO 10.4 HTTP GET REQUEST /FORMS/DOLOGIN REMOTE CODE EXECUTION - Cloud WAF
CVE-2023-25717 : Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.
References
EPSS Score
94% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 📰
First article discovered by prophaze.com
- 👾
Exploit known to exist
- 🦅
CISA Reported
Vulnerability published
Vulnerability Reserved