CVE-2023-7338

Summary

Ruckus Unleashed contains a remote code execution vulnerability in the web-based management interface that allows authenticated remote attackers to execute arbitrary code on the system when gateway mode is enabled. Attackers can exploit this vulnerability by sending specially crafted requests through the management interface to achieve arbitrary code execution on affected systems.

Affected Software

VendorProductVersion RangeStatus
Ruckus NetworksRUCKUS H350unknownaffected
Ruckus NetworksRUCKUS H550unknownaffected
Ruckus NetworksRUCKUS R350unknownaffected
Ruckus NetworksRUCKUS R550unknownaffected
Ruckus NetworksRUCKUS R650unknownaffected
Ruckus NetworksRUCKUS R750unknownaffected
Ruckus NetworksRUCKUS R850unknownaffected
Ruckus NetworksRUCKUS T350cunknownaffected
Ruckus NetworksRUCKUS T350dunknownaffected
Ruckus NetworksRUCKUS T350seunknownaffected
Ruckus NetworksRUCKUS T750unknownaffected
Ruckus NetworksRUCKUS T750SEunknownaffected
Ruckus NetworksRUCKUS Unleashedunknownaffected
Ruckus NetworksRuckus C110unknownaffected
Ruckus NetworksRuckus E510unknownaffected
Ruckus NetworksRuckus H320unknownaffected
Ruckus NetworksRuckus H510unknownaffected
Ruckus NetworksRuckus M510-JPunknownaffected
Ruckus NetworksRuckus R320unknownaffected
Ruckus NetworksRuckus R510unknownaffected
Ruckus NetworksRuckus R610unknownaffected
Ruckus NetworksRuckus R710unknownaffected
Ruckus NetworksRuckus R720unknownaffected
Ruckus NetworksRuckus T310cunknownaffected
Ruckus NetworksRuckus T310dunknownaffected
Ruckus NetworksRuckus T310nunknownaffected
Ruckus NetworksRuckus T310sunknownaffected
Ruckus NetworksRuckus T610unknownaffected
Ruckus NetworksRuckus T710unknownaffected
Ruckus NetworksRuckus T710sunknownaffected

Weaknesses

  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References