CVE-2023-7338
7.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Ruckus Unleashed contains a remote code execution vulnerability in the web-based management interface that allows authenticated remote attackers to execute arbitrary code on the system when gateway mode is enabled. Attackers can exploit this vulnerability by sending specially crafted requests through the management interface to achieve arbitrary code execution on affected systems.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Ruckus Networks | RUCKUS H350 | unknown | affected |
| Ruckus Networks | RUCKUS H550 | unknown | affected |
| Ruckus Networks | RUCKUS R350 | unknown | affected |
| Ruckus Networks | RUCKUS R550 | unknown | affected |
| Ruckus Networks | RUCKUS R650 | unknown | affected |
| Ruckus Networks | RUCKUS R750 | unknown | affected |
| Ruckus Networks | RUCKUS R850 | unknown | affected |
| Ruckus Networks | RUCKUS T350c | unknown | affected |
| Ruckus Networks | RUCKUS T350d | unknown | affected |
| Ruckus Networks | RUCKUS T350se | unknown | affected |
| Ruckus Networks | RUCKUS T750 | unknown | affected |
| Ruckus Networks | RUCKUS T750SE | unknown | affected |
| Ruckus Networks | RUCKUS Unleashed | unknown | affected |
| Ruckus Networks | Ruckus C110 | unknown | affected |
| Ruckus Networks | Ruckus E510 | unknown | affected |
| Ruckus Networks | Ruckus H320 | unknown | affected |
| Ruckus Networks | Ruckus H510 | unknown | affected |
| Ruckus Networks | Ruckus M510-JP | unknown | affected |
| Ruckus Networks | Ruckus R320 | unknown | affected |
| Ruckus Networks | Ruckus R510 | unknown | affected |
| Ruckus Networks | Ruckus R610 | unknown | affected |
| Ruckus Networks | Ruckus R710 | unknown | affected |
| Ruckus Networks | Ruckus R720 | unknown | affected |
| Ruckus Networks | Ruckus T310c | unknown | affected |
| Ruckus Networks | Ruckus T310d | unknown | affected |
| Ruckus Networks | Ruckus T310n | unknown | affected |
| Ruckus Networks | Ruckus T310s | unknown | affected |
| Ruckus Networks | Ruckus T610 | unknown | affected |
| Ruckus Networks | Ruckus T710 | unknown | affected |
| Ruckus Networks | Ruckus T710s | unknown | affected |
Weaknesses
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://support.ruckuswireless.com/security_bulletins/320
- https://www.vulncheck.com/advisories/ruckus-unleashed-authenticated-rce-in-gateway-mode
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.