CVE-2019-19837 — MEDIUM (5.3)

Q: What is CVE-2019-19837?

CVE-2019-19837 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests.

Q: How severe is CVE-2019-19837?

CVE-2019-19837 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-19837?

Check the references section above for vendor advisories and patch information. Affected products include: Ruckuswireless Unleashed, Ruckuswireless C110, Ruckuswireless E510, Ruckuswireless H320, Ruckuswireless H510.

Vulnerability Description

Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Ruckuswireless	Unleashed	< 200.7.10.202.94
Ruckuswireless	C110	-
Ruckuswireless	E510	-
Ruckuswireless	H320	-
Ruckuswireless	H510	-
Ruckuswireless	M510	-
Ruckuswireless	R310	-
Ruckuswireless	R320	-
Ruckuswireless	R510	-
Ruckuswireless	R610	-
Ruckuswireless	R710	-
Ruckuswireless	R720	-
Ruckuswireless	T310	-
Ruckuswireless	T610	-
Ruckuswireless	T710	-
Ruckuswireless	Zonedirector 1200 Firmware	< 9.10.2.0.84
Ruckuswireless	Zonedirector 1200	-

References

https://alephsecurity.com/2020/01/14/ruckus-wirelessExploitTechnical DescriptionThird Party Advisory
https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.htmlThird Party Advisory
https://www.ruckuswireless.com/security/299/view/txtVendor Advisory
https://alephsecurity.com/2020/01/14/ruckus-wirelessExploitTechnical DescriptionThird Party Advisory
https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.htmlThird Party Advisory
https://www.ruckuswireless.com/security/299/view/txtVendor Advisory

FAQ

What is CVE-2019-19837?

CVE-2019-19837 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests.

How severe is CVE-2019-19837?

CVE-2019-19837 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-19837?

Check the references section above for vendor advisories and patch information. Affected products include: Ruckuswireless Unleashed, Ruckuswireless C110, Ruckuswireless E510, Ruckuswireless H320, Ruckuswireless H510.