CVE-2023-25717 - Multiple Ruckus Wireless Products CSRF and RCE Vulnerability

: Ruckus Wireless | Multiple Products

Date Added:
2023-05-12

Due Date:
2023-06-02

Vulnerability Name: Multiple Ruckus Wireless Products CSRF and RCE Vulnerability

Description: Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can perform cross-site request forgery (CSRF) or remote code execution (RCE). This vulnerability impacts Ruckus ZoneDirector, SmartZone, and Solo APs.

Known To Be Used in Ransomware Campaigns?: Unknown

Action: Apply updates per vendor instructions or disconnect product if it is end-of-life.

Additional Notes: https://support.ruckuswireless.com/security_bulletins/315; https://nvd.nist.gov/vuln/detail/CVE-2023-25717

Free online web security scanner

Don't show website scan report rating on the leaderboard