CVE-2017-6224
Severity CVSS v4.0: Pending analysis
Type: CWE-78 OS Command Injections
Publication date: 13/10/2017
Last modified: 20/04/2025
Description
Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x (less than 10.0.1.0.17 MR1 release) and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x contain OS Command Injection vulnerabilities that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system by appending those commands in the Common Name field in the Certificate Generation Request.
Impact
Base Score 3.x: 8.80
Severity 3.x: HIGH
Base Score 2.0: 9.30
Severity 2.0: HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:ruckuswireless:zonedirector_firmware:zd9.9.0.0.205:*:*:*:*:*:*:* | | |
| cpe:2.3:o:ruckuswireless:zonedirector_firmware:zd9.9.0.0.212:*:*:*:*:*:*:* | | |
| cpe:2.3:o:ruckuswireless:zonedirector_firmware:zd9.9.0.0.216:*:*:*:*:*:*:* | | |
| cpe:2.3:o:ruckuswireless:zonedirector_firmware:zd9.10.0.0.218:*:*:*:*:*:*:* | | |
| cpe:2.3:o:ruckuswireless:zonedirector_firmware:zd9.13.0.0.103:*:*:*:*:*:*:* | | |
| cpe:2.3:o:ruckuswireless:zonedirector_firmware:zd9.13.0.0.209:*:*:*:*:*:*:* | | |
| cpe:2.3:h:ruckuswireless:zonedirector:-:*:*:*:*:*:*:* | | |
| cpe:2.3:o:ruckuswireless:unleashed_firmware:200.1:*:*:*:*:*:*:* | | |
| cpe:2.3:o:ruckuswireless:unleashed_firmware:200.1.9.12.55:*:*:*:*:*:*:* | | |
| cpe:2.3:o:ruckuswireless:unleashed_firmware:200.3:*:*:*:*:*:*:* | | |
| cpe:2.3:o:ruckuswireless:unleashed_firmware:200.3.9.13.228:*:*:*:*:*:*:* | | |
| cpe:2.3:o:ruckuswireless:unleashed_firmware:200.4.9.13:*:*:*:*:*:*:* | | |
| cpe:2.3:o:ruckuswireless:unleashed_firmware:200.4.9.13.47:*:*:*:*:*:*:* | | |
| cpe:2.3:h:ruckuswireless:unleashed:-:*:*:*:*:*:*:* | | |



