logo

CVE-2023-25717 - Multiple Ruckus Wireless Products CSRF and RCE Vulnerability

CVE-2023-25717

Ruckus Wireless | Multiple Products

  • Date Added:
  • 2023-05-12
  • Due Date:
  • 2023-06-02
Vulnerability Name

Multiple Ruckus Wireless Products CSRF and RCE Vulnerability

Description

Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can perform cross-site request forgery (CSRF) or remote code execution (RCE). This vulnerability impacts Ruckus ZoneDirector, SmartZone, and Solo APs.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions or disconnect product if it is end-of-life.

Additional Notes
https://support.ruckuswireless.com/security_bulletins/315; https://nvd.nist.gov/vuln/detail/CVE-2023-25717

Free online web security scanner