CVE-2020-13918 — HIGH (7.5)

Q: How severe is CVE-2020-13918?

CVE-2020-13918 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-13918?

Check the references section above for vendor advisories and patch information. Affected products include: Ruckuswireless Unleashed Firmware, Ruckuswireless C110, Ruckuswireless E510, Ruckuswireless H320, Ruckuswireless H510.

Vulnerability Description

Incorrect access control in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to leak system information (that can be used for a jailbreak) via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Ruckuswireless	Unleashed Firmware	<= 200.7.10.102.92
Ruckuswireless	C110	-
Ruckuswireless	E510	-
Ruckuswireless	H320	-
Ruckuswireless	H510	-
Ruckuswireless	M510	-
Ruckuswireless	R310	-
Ruckuswireless	R320	-
Ruckuswireless	R500	-
Ruckuswireless	R510	-
Ruckuswireless	R600	-
Ruckuswireless	R610	-
Ruckuswireless	R710	-
Ruckuswireless	R720	-
Ruckuswireless	R750	-
Ruckuswireless	T300	-
Ruckuswireless	T301N	-
Ruckuswireless	T301S	-
Ruckuswireless	T310C	-
Ruckuswireless	T310D	-

References

https://support.ruckuswireless.com/security_bulletins/304Vendor Advisory
https://support.ruckuswireless.com/security_bulletins/304Vendor Advisory

FAQ

What is CVE-2020-13918?

CVE-2020-13918 is a vulnerability with a CVSS score of 7.5 (HIGH). Incorrect access control in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to leak system information (that can be used for a jailbreak) via an unauthenticated craf...

How severe is CVE-2020-13918?

CVE-2020-13918 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-13918?

Check the references section above for vendor advisories and patch information. Affected products include: Ruckuswireless Unleashed Firmware, Ruckuswireless C110, Ruckuswireless E510, Ruckuswireless H320, Ruckuswireless H510.