Skip to main content

Ruckus Zoneflex R500 Firmware

4 CVEs product

Monthly

CVE-2020-8830 HIGH POC This Week

CSRF in login.asp on Ruckus devices allows an attacker to access the panel, and use SSRF to perform scraping or other analysis via the SUBCA-1 field on the Wireless Admin screen. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF CSRF Ruckus Zoneflex R500 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-8033 MEDIUM POC This Month

Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Name field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ruckus Zoneflex R500 Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-7983 HIGH POC This Week

A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices allows remote attackers to access the panel or conduct SSRF attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF CSRF Ruckus Zoneflex R500 Firmware
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2020-8438 HIGH POC This Week

Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ruckus Zoneflex R500 Firmware
NVD
CVSS 3.1
7.2
EPSS
1.6%
EPSS 1% CVSS 8.8
HIGH POC This Week

CSRF in login.asp on Ruckus devices allows an attacker to access the panel, and use SSRF to perform scraping or other analysis via the SUBCA-1 field on the Wireless Admin screen. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF CSRF Ruckus Zoneflex R500 Firmware
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Name field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ruckus Zoneflex R500 Firmware
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC This Week

A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices allows remote attackers to access the panel or conduct SSRF attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF CSRF Ruckus Zoneflex R500 Firmware
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ruckus Zoneflex R500 Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy