CVE-2019-19842

CRITICAL

Ruckus Wireless Unleashed < 200.7.10.202.94 - Remote Code Execution via mac Attribute in admin/_cmdstat.jsp

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-19842. PoCs published by bdunlap9.

AI-analyzed exploit summary This repository contains a functional Python script that exploits CVE-2019-19842, an OS command injection vulnerability in Ruckus Wireless Unleashed devices. The exploit sends a crafted POST request to the `/admin/_cmdstat.jsp` endpoint with a malicious command embedded in the `xcmd` parameter.

Description

emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/_cmdstat.jsp via the mac attribute.

Exploits (1)

nomisec WORKING POC

by bdunlap9 · poc

https://github.com/bdunlap9/CVE-2019-19842

View Code ZIP pw:eip

This repository contains a functional Python script that exploits CVE-2019-19842, an OS command injection vulnerability in Ruckus Wireless Unleashed devices. The exploit sends a crafted POST request to the `/admin/_cmdstat.jsp` endpoint with a malicious command embedded in the `xcmd` parameter.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Ruckus Wireless Unleashed (versions affected by CVE-2019-19842)

No auth needed

Prerequisites: Network access to the target device · Target device must be running a vulnerable version of Ruckus Wireless Unleashed

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory x_refsource_misc

https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html

Vendor Advisory x_refsource_misc

https://www.ruckuswireless.com/security/299/view/txt

Exploit, Technical Description, Third Party Advisory x_refsource_misc

https://alephsecurity.com/2020/01/14/ruckus-wireless

Scores

CVSS v3 9.8

EPSS 0.0496

EPSS Percentile 91.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (2)

ruckuswireless/unleashed < 200.7.10.202.94

ruckuswireless/zonedirector_1200_firmware < 9.10.2.0.84

Published Jan 22, 2020

Tracked Since Feb 18, 2026