CVE-2020-7234 — MEDIUM (4.8)

Vulnerability Description

Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the SSID field on the Configuration > Radio 2.4G > Wireless X screen (after a successful login to the super account).

CVSS Score

4.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Ruckuswireless	R310 Firmware	104.0.0.0.1347
Ruckuswireless	R310	-

Related Weaknesses (CWE)

CWE-79

References

https://sku11army.blogspot.com/2020/01/ruckus-wireless-authenticated-stored.htmlExploitThird Party Advisory
https://sku11army.blogspot.com/2020/01/ruckus-wireless-authenticated-stored.htmlExploitThird Party Advisory

FAQ

What is CVE-2020-7234?

CVE-2020-7234 is a vulnerability with a CVSS score of 4.8 (MEDIUM). Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the SSID field on the Configuration > Radio 2.4G > Wireless X screen (after a successful login to the super account).

How severe is CVE-2020-7234?

CVE-2020-7234 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-7234?

Check the references section above for vendor advisories and patch information. Affected products include: Ruckuswireless R310 Firmware, Ruckuswireless R310.