CVE-2018-11036

Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, 3.5.1, 3.6.0, and 3.6.1 (Essentials and High Scale) on vSZ, SZ-100, SZ-300, and SCG-200 devices allows remote attackers to obtain sensitive information or modify data.

Published: May 31, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-11036
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
ruckuswireless / vsz_firmware	3.5.0	3.5.0.x
ruckuswireless / vsz_firmware	3.5.1	3.5.1.x
ruckuswireless / vsz_firmware	3.6.0	3.6.0.x
ruckuswireless / vsz_firmware	3.6.1	3.6.1.x
ruckuswireless / scg-200_firmware	3.5.0	3.5.0.x
ruckuswireless / scg-200_firmware	3.5.1	3.5.1.x
ruckuswireless / scg-200_firmware	3.6.0	3.6.0.x
ruckuswireless / scg-200_firmware	3.6.1	3.6.1.x
ruckuswireless / sz-300_firmware	3.5.0	3.5.0.x
ruckuswireless / sz-300_firmware	3.5.1	3.5.1.x
ruckuswireless / sz-300_firmware	3.6.0	3.6.0.x
ruckuswireless / sz-300_firmware	3.6.1	3.6.1.x
ruckuswireless / sz-100_firmware	3.5.0	3.5.0.x
ruckuswireless / sz-100_firmware	3.5.1	3.5.1.x
ruckuswireless / sz-100_firmware	3.6.0	3.6.0.x
ruckuswireless / sz-100_firmware	3.6.1	3.6.1.x

https://www.ruckuswireless.com/security/279/view/txt

Vulnerability Database

290,278

CVE-2018-11036