CVE-2023-25717
Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.
| Software | From | Fixed in |
|---|---|---|
| ruckuswireless / ruckus_wireless_admin | - | 10.4.x |
| ruckuswireless / smartzone_ap | - | 6.1.0.0.9240 |
| ruckuswireless / smartzone_ap | - | 5.2.2.0.2064 |
| ruckuswireless / smartzone_ap | - | 3.6.2.0.795 |
| ruckuswireless / smartzone_ap | - | 6.1.1.0.1274 |
| commscope / ruckus_smartzone_firmware | - | 5.2.1.3 |
| commscope / ruckus_smartzone_firmware | 6.1.0.0.935 | 6.1.0.0.935.x |
| commscope / ruckus_smartzone_firmware | - | 5.2.1.3.1695 |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime