CVE-2017-6229

HIGH

Ruckuswireless R500 Firmware < 200.6.10.1.0 - OS Command Injection

Title source: rule
STIX 2.1

Description

Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and Ruckus Networks Zone Director firmware releases 10.1.0.0.x, 9.10.2.0.x, 9.12.3.0.x, 9.13.3.0.x, 10.0.1.0.x or before contain authenticated Root Command Injection in the CLI that could allow authenticated valid users to execute privileged commands on the respective systems.

References (1)

Core 1

Scores

CVSS v3 8.8
EPSS 0.0227
EPSS Percentile 80.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (17)
ruckuswireless/h320_firmware < 200.6.10.1.0
ruckuswireless/h510_firmware < 200.6.10.1.0
ruckuswireless/r310_firmware < 200.6.10.1.0
ruckuswireless/r500_firmware < 200.6.10.1.0
ruckuswireless/r510_firmware < 200.6.10.1.0
ruckuswireless/r600_firmware < 200.6.10.1.0
ruckuswireless/r710_firmware < 200.6.10.1.0
ruckuswireless/r720_firmware < 200.6.10.1.0
ruckuswireless/t300_firmware < 200.6.10.1.0
ruckuswireless/t300e_firmware < 200.6.10.1.0
... and 7 more
Published Feb 14, 2018
Tracked Since Feb 18, 2026