This page lists publicly disclosed CVE vulnerabilities affecting ruckuswireless unleashed (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2019-19839 | emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute. | [email protected] | 9.8 | 4.27% | 2020-01-23 | 2024-11-21 |
| CVE-2019-19838 | emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute. | [email protected] | 9.8 | 23.29% | 2020-01-23 | 2024-11-21 |
| CVE-2019-19837 | Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests. | [email protected] | 5.3 | 1.21% | 2020-01-23 | 2024-11-21 |
| CVE-2019-19835 | SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote denial of service via the server attribute to the tools/_rcmdstat.jsp URI. | [email protected] | 7.5 | 1.33% | 2020-01-23 | 2024-11-21 |
| CVE-2019-19842 | emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/_cmdstat.jsp via the mac attribute. | [email protected] | 9.8 | 6.70% | 2020-01-22 | 2024-11-21 |
| CVE-2019-19841 | emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=packet-capture to admin/_cmdstat.jsp via the mac attribute. | [email protected] | 9.8 | 4.27% | 2020-01-22 | 2024-11-21 |
| CVE-2019-19840 | A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruckus Unleashed through 200.7.10.102.64 allows remote code execution via an unauthenticated HTTP request. | [email protected] | 9.8 | 21.70% | 2020-01-22 | 2024-11-21 |
| CVE-2019-19843 | Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache. | [email protected] | 9.8 | 0.65% | 2020-01-22 | 2024-11-21 |
| CVE-2019-19836 | AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote code execution via a POST request that uses tools/_rcmdstat.jsp to write to a specified filename. | [email protected] | 9.8 | 2.40% | 2020-01-22 | 2024-11-21 |
| CVE-2019-19834 | Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with ../../../bin/sh as the parameter. | [email protected] | 7.2 | 1.34% | 2020-01-22 | 2024-11-21 |