CVE-2021-36630

HIGH

Ruckus Wireless SmartZone - DoS

Title source: llm

Description

DDOS reflection amplification vulnerability in eAut module of Ruckus Wireless SmartZone controller that allows remote attackers to perform DOS attacks via crafted request.

Exploits (1)

nomisec WORKING POC

by lixiang957 · poc

https://github.com/lixiang957/CVE-2021-36630

View Code ZIP pw:eip

References (6)

Core 6

Core References

Not Applicable

http://ruckus.com

Broken Link

http://smartzone-100.com

Exploit, Mitigation, Technical Description, Third Party Advisory

https://anquan.baidu.com/article/1434

Exploit, Third Party Advisory

https://github.com/lixiang957/CVE-2021-36630

Vendor Advisory

https://www.commscope.com/globalassets/digizuite/921070-faq-security-advisory-id-20210719-v1-0.pdf

Exploit, Third Party Advisory

https://www.freebuf.com/articles/web/260338.html

Scores

CVSS v3 7.5

EPSS 0.3992

EPSS Percentile 97.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-770

Status published

Products (4)

ruckuswireless/sz-100_firmware < 3.6.2

ruckuswireless/sz-144_firmware < 3.6.2

ruckuswireless/sz-300_firmware < 3.6.2

ruckuswireless/vsz_firmware < 3.6.2

Published Jan 18, 2023

Tracked Since Feb 18, 2026