CVE-2020-13918
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
28/07/2020
Last modified:
21/07/2021
Description
Incorrect access control in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to leak system information (that can be used for a jailbreak) via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:ruckuswireless:unleashed_firmware:*:*:*:*:*:*:*:* | 200.7.10.102.92 (including) | |
| cpe:2.3:h:ruckuswireless:c110:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ruckuswireless:e510:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ruckuswireless:h320:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ruckuswireless:h510:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ruckuswireless:m510:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ruckuswireless:r310:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ruckuswireless:r320:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ruckuswireless:r500:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ruckuswireless:r510:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ruckuswireless:r600:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ruckuswireless:r610:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ruckuswireless:r710:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ruckuswireless:r720:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ruckuswireless:r750:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page