Vulnerability Description
Ruckus Networks Solo APs firmware releases R110.x or before and Ruckus Networks SZ managed APs firmware releases R5.x or before contain authenticated Root Command Injection in the web-GUI that could allow authenticated valid users to execute privileged commands on the respective systems.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ruckuswireless | Solo Access Point Firmware | <= r110.0 |
| Ruckuswireless | Smartzone Managed Access Point Firmware | <= r5.0 |
Related Weaknesses (CWE)
References
- https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-201802MitigationVendor Advisory
- https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-201802MitigationVendor Advisory
FAQ
What is CVE-2017-6230?
CVE-2017-6230 is a vulnerability with a CVSS score of 8.8 (HIGH). Ruckus Networks Solo APs firmware releases R110.x or before and Ruckus Networks SZ managed APs firmware releases R5.x or before contain authenticated Root Command Injection in the web-GUI that could a...
How severe is CVE-2017-6230?
CVE-2017-6230 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-6230?
Check the references section above for vendor advisories and patch information. Affected products include: Ruckuswireless Solo Access Point Firmware, Ruckuswireless Smartzone Managed Access Point Firmware.