CVE-2023-25717: Multiple Ruckus Wireless Products CSRF and RCE Vulnerability
First published: Mon Feb 13 2023(Updated: )
Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ruckuswireless Ruckus Wireless Admin | <=10.4 | |
| Ruckuswireless Smartzone Ap | <6.1.0.0.9240 | |
| Ruckuswireless E510 | ||
| Ruckuswireless H320 | ||
| Ruckuswireless H350 | ||
| Ruckuswireless H510 | ||
| Ruckuswireless H550 | ||
| Ruckuswireless M510 | ||
| Ruckuswireless R310 | ||
| Ruckuswireless R320 | ||
| Ruckuswireless R350 | ||
| Ruckuswireless R510 | ||
| Ruckuswireless R550 | ||
| Ruckuswireless R610 | ||
| Ruckuswireless R650 | ||
| Ruckuswireless R710 | ||
| Ruckuswireless R720 | ||
| Ruckuswireless R730 | ||
| Ruckuswireless R750 | ||
| Ruckuswireless R760 | ||
| Ruckuswireless R850 | ||
| Ruckuswireless Sz-144 | ||
| Ruckuswireless Sz100 | ||
| Ruckuswireless Sz300 | ||
| Ruckuswireless T310c | ||
| Ruckuswireless T310d | ||
| Ruckuswireless T310n | ||
| Ruckuswireless T310s | ||
| Ruckuswireless T350c | ||
| Ruckuswireless T350d | ||
| Ruckuswireless T350se | ||
| Ruckuswireless T610 | ||
| Ruckuswireless T710 | ||
| Ruckuswireless T710s | ||
| Ruckuswireless T750 | ||
| Ruckuswireless T750se | ||
| Ruckuswireless T811-cm | ||
| Ruckuswireless Smartzone Ap | <5.2.2.0.2064 | |
| Ruckuswireless R500 | ||
| Ruckuswireless R600 | ||
| Ruckuswireless T300 | ||
| Ruckuswireless T301n | ||
| Ruckuswireless T301s | ||
| Ruckuswireless T504 | ||
| Ruckuswireless Smartzone Ap | <3.6.2.0.795 | |
| Ruckuswireless H500 | ||
| Ruckuswireless R300 | ||
| Ruckuswireless R700 | ||
| Ruckuswireless Smartzone Ap | <6.1.1.0.1274 | |
| Ruckuswireless R560 | ||
| Ruckuswireless Smartzone | <5.2.1.3 | |
| Ruckuswireless Smartzone | =6.1.0.0.935 | |
| Ruckuswireless M510-jp | ||
| Ruckuswireless P300 | ||
| Ruckuswireless Q410 | ||
| Ruckuswireless Q710 | ||
| Ruckuswireless Q910 | ||
| Ruckuswireless T811-cm\(non-spf\) | ||
| Ruckuswireless Zd1000 | ||
| Ruckuswireless Zd1100 | ||
| Ruckuswireless Zd1200 | ||
| Ruckuswireless Zd3000 | ||
| Ruckuswireless Zd5000 | ||
| Ruckuswireless Smartzone | <5.2.1.3.1695 | |
| Ruckuswireless Sz-144-federal | ||
| Ruckuswireless Sz300-federal | ||
| Ruckus Wireless Multiple Products | ||
| All of | ||
| Any of | ||
| Ruckuswireless E510 | ||
| Ruckuswireless H320 | ||
| Ruckuswireless H350 | ||
| Ruckuswireless H510 | ||
| Ruckuswireless H550 | ||
| Ruckuswireless M510 | ||
| Ruckuswireless R310 | ||
| Ruckuswireless R320 | ||
| Ruckuswireless R350 | ||
| Ruckuswireless R510 | ||
| Ruckuswireless R550 | ||
| Ruckuswireless R610 | ||
| Ruckuswireless R650 | ||
| Ruckuswireless R710 | ||
| Ruckuswireless R720 | ||
| Ruckuswireless R730 | ||
| Ruckuswireless R750 | ||
| Ruckuswireless R760 | ||
| Ruckuswireless R850 | ||
| Ruckuswireless Sz-144 | ||
| Ruckuswireless Sz100 | ||
| Ruckuswireless Sz300 | ||
| Ruckuswireless T310c | ||
| Ruckuswireless T310d | ||
| Ruckuswireless T310n | ||
| Ruckuswireless T310s | ||
| Ruckuswireless T350c | ||
| Ruckuswireless T350d | ||
| Ruckuswireless T350se | ||
| Ruckuswireless T610 | ||
| Ruckuswireless T710 | ||
| Ruckuswireless T710s | ||
| Ruckuswireless T750 | ||
| Ruckuswireless T750se | ||
| Ruckuswireless T811-cm | ||
| Any of | ||
| Ruckuswireless Ruckus Wireless Admin | <=10.4 | |
| Ruckuswireless Smartzone Ap | <6.1.0.0.9240 | |
| All of | ||
| Any of | ||
| Ruckuswireless E510 | ||
| Ruckuswireless H320 | ||
| Ruckuswireless H510 | ||
| Ruckuswireless M510 | ||
| Ruckuswireless R310 | ||
| Ruckuswireless R320 | ||
| Ruckuswireless R500 | ||
| Ruckuswireless R510 | ||
| Ruckuswireless R550 | ||
| Ruckuswireless R600 | ||
| Ruckuswireless R610 | ||
| Ruckuswireless R650 | ||
| Ruckuswireless R710 | ||
| Ruckuswireless R720 | ||
| Ruckuswireless R730 | ||
| Ruckuswireless R750 | ||
| Ruckuswireless R850 | ||
| Ruckuswireless T300 | ||
| Ruckuswireless T301n | ||
| Ruckuswireless T301s | ||
| Ruckuswireless T310c | ||
| Ruckuswireless T310d | ||
| Ruckuswireless T310n | ||
| Ruckuswireless T310s | ||
| Ruckuswireless T504 | ||
| Ruckuswireless T610 | ||
| Ruckuswireless T710 | ||
| Ruckuswireless T710s | ||
| Ruckuswireless T750 | ||
| Ruckuswireless T750se | ||
| Ruckuswireless T811-cm | ||
| Any of | ||
| Ruckuswireless Ruckus Wireless Admin | <=10.4 | |
| Ruckuswireless Smartzone Ap | <5.2.2.0.2064 | |
| All of | ||
| Any of | ||
| Ruckuswireless H500 | ||
| Ruckuswireless R300 | ||
| Ruckuswireless R700 | ||
| Any of | ||
| Ruckuswireless Ruckus Wireless Admin | <=10.4 | |
| Ruckuswireless Smartzone Ap | <3.6.2.0.795 | |
| All of | ||
| Ruckuswireless R560 | ||
| Any of | ||
| Ruckuswireless Ruckus Wireless Admin | <=10.4 | |
| Ruckuswireless Smartzone Ap | <6.1.1.0.1274 | |
| All of | ||
| Any of | ||
| Ruckuswireless Sz-144 | ||
| Ruckuswireless Sz300 | ||
| Any of | ||
| Ruckuswireless Ruckus Wireless Admin | <=10.4 | |
| Ruckuswireless Smartzone | <5.2.1.3 | |
| All of | ||
| Any of | ||
| Ruckuswireless Sz-144 | ||
| Ruckuswireless Sz100 | ||
| Ruckuswireless Sz300 | ||
| Any of | ||
| Ruckuswireless Ruckus Wireless Admin | <=10.4 | |
| Ruckuswireless Smartzone | =6.1.0.0.935 | |
| All of | ||
| Any of | ||
| Ruckuswireless M510-jp | ||
| Ruckuswireless P300 | ||
| Ruckuswireless Q410 | ||
| Ruckuswireless Q710 | ||
| Ruckuswireless Q910 | ||
| Ruckuswireless T811-cm\(non-spf\) | ||
| Ruckuswireless Zd1000 | ||
| Ruckuswireless Zd1100 | ||
| Ruckuswireless Zd1200 | ||
| Ruckuswireless Zd3000 | ||
| Ruckuswireless Zd5000 | ||
| Ruckuswireless Ruckus Wireless Admin | <=10.4 | |
| All of | ||
| Any of | ||
| Ruckuswireless Sz-144-federal | ||
| Ruckuswireless Sz300-federal | ||
| Any of | ||
| Ruckuswireless Ruckus Wireless Admin | <=10.4 | |
| Ruckuswireless Smartzone | <5.2.1.3.1695 |
Remedy
Apply updates per vendor instructions or disconnect product if it is end-of-life.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/type
- agent/remedy
- agent/weakness
- agent/description
- agent/severity
- agent/title
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/references
- agent/tags
- collector/nvd-cve
- source/NVD
- vendor/ruckuswireless
- canonical/ruckuswireless ruckus wireless admin
- version/ruckuswireless ruckus wireless admin/10.4
- canonical/ruckuswireless smartzone ap
- canonical/ruckuswireless e510
- canonical/ruckuswireless h320
- canonical/ruckuswireless h350
- canonical/ruckuswireless h510
- canonical/ruckuswireless h550
- canonical/ruckuswireless m510
- canonical/ruckuswireless r310
- canonical/ruckuswireless r320
- canonical/ruckuswireless r350
- canonical/ruckuswireless r510
- canonical/ruckuswireless r550
- canonical/ruckuswireless r610
- canonical/ruckuswireless r650
- canonical/ruckuswireless r710
- canonical/ruckuswireless r720
- canonical/ruckuswireless r730
- canonical/ruckuswireless r750
- canonical/ruckuswireless r760
- canonical/ruckuswireless r850
- canonical/ruckuswireless sz-144
- canonical/ruckuswireless sz100
- canonical/ruckuswireless sz300
- canonical/ruckuswireless t310c
- canonical/ruckuswireless t310d
- canonical/ruckuswireless t310n
- canonical/ruckuswireless t310s
- canonical/ruckuswireless t350c
- canonical/ruckuswireless t350d
- canonical/ruckuswireless t350se
- canonical/ruckuswireless t610
- canonical/ruckuswireless t710
- canonical/ruckuswireless t710s
- canonical/ruckuswireless t750
- canonical/ruckuswireless t750se
- canonical/ruckuswireless t811-cm
- canonical/ruckuswireless r500
- canonical/ruckuswireless r600
- canonical/ruckuswireless t300
- canonical/ruckuswireless t301n
- canonical/ruckuswireless t301s
- canonical/ruckuswireless t504
- canonical/ruckuswireless h500
- canonical/ruckuswireless r300
- canonical/ruckuswireless r700
- canonical/ruckuswireless r560
- canonical/ruckuswireless smartzone
- version/ruckuswireless smartzone/6.1.0.0.935
- canonical/ruckuswireless m510-jp
- canonical/ruckuswireless p300
- canonical/ruckuswireless q410
- canonical/ruckuswireless q710
- canonical/ruckuswireless q910
- canonical/ruckuswireless t811-cm\(non-spf\)
- canonical/ruckuswireless zd1000
- canonical/ruckuswireless zd1100
- canonical/ruckuswireless zd1200
- canonical/ruckuswireless zd3000
- canonical/ruckuswireless zd5000
- canonical/ruckuswireless sz-144-federal
- canonical/ruckuswireless sz300-federal
- vendor/ruckus wireless
- canonical/ruckus wireless multiple products