Vulnerability Description
DDOS reflection amplification vulnerability in eAut module of Ruckus Wireless SmartZone controller that allows remote attackers to perform DOS attacks via crafted request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ruckuswireless | Sz-300 Firmware | <= 3.6.2 |
| Ruckuswireless | Sz-300 | - |
| Ruckuswireless | Sz-144 Firmware | <= 3.6.2 |
| Ruckuswireless | Sz-144 | - |
| Ruckuswireless | Sz-100 Firmware | <= 3.6.2 |
| Ruckuswireless | Sz-100 | - |
| Ruckuswireless | Vsz Firmware | <= 3.6.2 |
| Ruckuswireless | Vsz | - |
Related Weaknesses (CWE)
References
- http://ruckus.comNot Applicable
- http://smartzone-100.comBroken Link
- https://anquan.baidu.com/article/1434ExploitMitigationTechnical Description
- https://github.com/lixiang957/CVE-2021-36630ExploitThird Party Advisory
- https://www.commscope.com/globalassets/digizuite/921070-faq-security-advisory-idVendor Advisory
- https://www.freebuf.com/articles/web/260338.htmlExploitThird Party Advisory
- http://ruckus.comNot Applicable
- http://smartzone-100.comBroken Link
- https://anquan.baidu.com/article/1434ExploitMitigationTechnical Description
- https://github.com/lixiang957/CVE-2021-36630ExploitThird Party Advisory
- https://www.commscope.com/globalassets/digizuite/921070-faq-security-advisory-idVendor Advisory
- https://www.freebuf.com/articles/web/260338.htmlExploitThird Party Advisory
FAQ
What is CVE-2021-36630?
CVE-2021-36630 is a vulnerability with a CVSS score of 7.5 (HIGH). DDOS reflection amplification vulnerability in eAut module of Ruckus Wireless SmartZone controller that allows remote attackers to perform DOS attacks via crafted request.
How severe is CVE-2021-36630?
CVE-2021-36630 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-36630?
Check the references section above for vendor advisories and patch information. Affected products include: Ruckuswireless Sz-300 Firmware, Ruckuswireless Sz-300, Ruckuswireless Sz-144 Firmware, Ruckuswireless Sz-144, Ruckuswireless Sz-100 Firmware.