CVE-2017-6229
HIGHRuckuswireless R500 Firmware < 200.6.10.1.0 - OS Command Injection
Title source: ruleDescription
Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and Ruckus Networks Zone Director firmware releases 10.1.0.0.x, 9.10.2.0.x, 9.12.3.0.x, 9.13.3.0.x, 10.0.1.0.x or before contain authenticated Root Command Injection in the CLI that could allow authenticated valid users to execute privileged commands on the respective systems.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-20180202-v1.0.txt
Scores
CVSS v3
8.8
EPSS
0.0227
EPSS Percentile
80.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (17)
ruckuswireless/h320_firmware
< 200.6.10.1.0
ruckuswireless/h510_firmware
< 200.6.10.1.0
ruckuswireless/r310_firmware
< 200.6.10.1.0
ruckuswireless/r500_firmware
< 200.6.10.1.0
ruckuswireless/r510_firmware
< 200.6.10.1.0
ruckuswireless/r600_firmware
< 200.6.10.1.0
ruckuswireless/r710_firmware
< 200.6.10.1.0
ruckuswireless/r720_firmware
< 200.6.10.1.0
ruckuswireless/t300_firmware
< 200.6.10.1.0
ruckuswireless/t300e_firmware
< 200.6.10.1.0
... and 7 more
Published
Feb 14, 2018
Tracked Since
Feb 18, 2026