CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2023-25717

CVSS 9.8v3.1pub. 2023-02-13upd. 2025-11-03

Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Commscope Ruckus Smartzone Firmware

    OS
    Commscope
    6.1.0.0.935< 5.2.1.3< 5.2.1.3.1695
  • Ruckuswireless E510

    HW
    Ruckuswireless
    wszystkie wersje
  • Ruckuswireless H320

    HW
    Ruckuswireless
    wszystkie wersje
  • Ruckuswireless H350

    HW
    Ruckuswireless
    wszystkie wersje
  • Ruckuswireless H500

    HW
    Ruckuswireless
    wszystkie wersje
  • Ruckuswireless H510

    HW
    Ruckuswireless
    wszystkie wersje
  • Ruckuswireless H550

    HW
    Ruckuswireless
    wszystkie wersje
  • Ruckuswireless M510

    HW
    Ruckuswireless
    wszystkie wersje
  • Ruckuswireless M510 Jp

    HW
    Ruckuswireless
    wszystkie wersje
  • Ruckuswireless P300

    HW
    Ruckuswireless
    wszystkie wersje
  • Ruckuswireless Q410

    HW
    Ruckuswireless
    wszystkie wersje
  • Ruckuswireless Q710

    HW
    Ruckuswireless
    wszystkie wersje
  • Ruckuswireless Q910

    HW
    Ruckuswireless
    wszystkie wersje
  • Ruckuswireless R300

    HW
    Ruckuswireless
    wszystkie wersje
  • Ruckuswireless R310

    HW
    Ruckuswireless
    wszystkie wersje
  • Ruckuswireless R320

    HW
    Ruckuswireless
    wszystkie wersje
  • Ruckuswireless R350

    HW
    Ruckuswireless
    wszystkie wersje
  • Ruckuswireless R500

    HW
    Ruckuswireless
    wszystkie wersje
  • Ruckuswireless R510

    HW
    Ruckuswireless
    wszystkie wersje
  • Ruckuswireless R550

    HW
    Ruckuswireless
    wszystkie wersje
  • Ruckuswireless R560

    HW
    Ruckuswireless
    wszystkie wersje
  • Ruckuswireless R600

    HW
    Ruckuswireless
    wszystkie wersje
  • Ruckuswireless R610

    HW
    Ruckuswireless
    wszystkie wersje
  • Ruckuswireless R650

    HW
    Ruckuswireless
    wszystkie wersje
  • Ruckuswireless R700

    HW
    Ruckuswireless
    wszystkie wersje
  • Ruckuswireless R710

    HW
    Ruckuswireless
    wszystkie wersje
  • Ruckuswireless R720

    HW
    Ruckuswireless
    wszystkie wersje
  • Ruckuswireless R730

    HW
    Ruckuswireless
    wszystkie wersje
  • Ruckuswireless R750

    HW
    Ruckuswireless
    wszystkie wersje
  • Ruckuswireless R760

    HW
    Ruckuswireless
    wszystkie wersje

CISA KEV — detailsi

Vendori
Ruckus Wireless
Producti
Multiple Products
Added to KEVi
May 12, 2023
Remediation deadline (US Federal)i
June 2, 2023(overdue)
Required action (CISA)i

Apply updates per vendor instructions or disconnect product if it is end-of-life.

CISA descriptioni

Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can perform cross-site request forgery (CSRF) or remote code execution (RCE). This vulnerability impacts Ruckus ZoneDirector, SmartZone, and Solo APs.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 2 czerwca 2023
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-44961CRITICAL9.9PL ✓ten sam produkt

Command injection w RUCKUS SmartZone przez pole adresu IP

CVE-2025-44954CRITICAL9.0PL ✓ten sam produkt

Hardcoded SSH private key w RUCKUS SmartZone — dostęp root zdalnie

CVE-2020-22658CRITICAL9.8ten sam produkt

In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruc...

CVE-2020-22654CRITICAL9.8ten sam produkt

In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruc...

CVE-2020-22653CRITICAL9.8ten sam produkt

In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruc...