What is the severity of CVE-2019-19838?

CVE-2019-19838 is rated as a critical vulnerability due to its ability to allow remote command execution.

How do I fix CVE-2019-19838?

To mitigate CVE-2019-19838, users should upgrade Ruckus Wireless Unleashed to a version greater than 200.7.10.202.94.

Which versions are affected by CVE-2019-19838?

CVE-2019-19838 affects Ruckus Wireless Unleashed versions prior to 200.7.10.202.94.

What type of attack does CVE-2019-19838 allow?

CVE-2019-19838 allows remote attackers to execute operating system commands via a malicious POST request.

Is my Ruckus Wireless device vulnerable to CVE-2019-19838?

Devices running Ruckus Wireless Unleashed versions before 200.7.10.202.94 are vulnerable to CVE-2019-19838.

Vulnerability/
CVE-2019-19838

critical

CWE

23/1/2020

5/8/2024

CVE-2019-19838: OS Command Injection

First published: Thu Jan 23 2020(Updated: )

emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Ruckus Wireless Unleashed	<200.7.10.202.94
Ruckus Wireless C110
Ruckus Wireless E510
Ruckus Wireless H320
Ruckus Wireless H510
Ruckus Wireless M510
Ruckus Wireless R310
Ruckus Wireless R320
Ruckus Wireless R510
Ruckus Wireless R610
Ruckus Wireless R710
Ruckus Wireless R720
Ruckus Wireless T310
Ruckus Wireless T610
Ruckus Wireless T710
Ruckus Wireless ZoneDirector 1200 Firmware	<9.10.2.0.84
Ruckus Wireless ZoneDirector 1200 Firmware	>=9.12.0<9.12.3.0.136
Ruckus Wireless ZoneDirector 1200 Firmware	>=9.13.0<10.0.1.0.90
Ruckus Wireless ZoneDirector 1200 Firmware	>=10.1.0<10.1.2.0.275
Ruckus Wireless ZoneDirector 1200 Firmware	>=10.2.0<10.2.1.0.147
Ruckus Wireless ZoneDirector 1200 Firmware	>=10.3.0<10.3.1.0.21
Ruckus Wireless ZoneDirector 1200

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-19838?
CVE-2019-19838 is rated as a critical vulnerability due to its ability to allow remote command execution.
How do I fix CVE-2019-19838?
To mitigate CVE-2019-19838, users should upgrade Ruckus Wireless Unleashed to a version greater than 200.7.10.202.94.
Which versions are affected by CVE-2019-19838?
CVE-2019-19838 affects Ruckus Wireless Unleashed versions prior to 200.7.10.202.94.
What type of attack does CVE-2019-19838 allow?
CVE-2019-19838 allows remote attackers to execute operating system commands via a malicious POST request.
Is my Ruckus Wireless device vulnerable to CVE-2019-19838?
Devices running Ruckus Wireless Unleashed versions before 200.7.10.202.94 are vulnerable to CVE-2019-19838.

agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/weakness
agent/references
agent/last-modified-date
agent/severity
agent/first-publish-date
agent/event
agent/description
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ruckuswireless
canonical/ruckus wireless unleashed
canonical/ruckus wireless c110
canonical/ruckus wireless e510
canonical/ruckus wireless h320
canonical/ruckus wireless h510
canonical/ruckus wireless m510
canonical/ruckus wireless r310
canonical/ruckus wireless r320
canonical/ruckus wireless r510
canonical/ruckus wireless r610
canonical/ruckus wireless r710
canonical/ruckus wireless r720
canonical/ruckus wireless t310
canonical/ruckus wireless t610
canonical/ruckus wireless t710
canonical/ruckus wireless zonedirector 1200 firmware
version/ruckus wireless zonedirector 1200 firmware/9.12.0
version/ruckus wireless zonedirector 1200 firmware/9.13.0
version/ruckus wireless zonedirector 1200 firmware/10.1.0
version/ruckus wireless zonedirector 1200 firmware/10.2.0
version/ruckus wireless zonedirector 1200 firmware/10.3.0
canonical/ruckus wireless zonedirector 1200