CVE-2023-25717
Multiple Ruckus Wireless Products CSRF and RCE Vulnerability
CVSS
—
No CVSS
EPSS
95.3%
p100
KEV
YES
May 12, 2023
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Ruckus Wireless / Multiple Products
Vulnerability
Multiple Ruckus Wireless Products CSRF and RCE Vulnerability
Added to KEV
May 12, 2023
Remediate by
Jun 2, 2023
Known ransomware use
No
Summary description
Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can perform cross-site request forgery (CSRF) or remote code execution (RCE). This vulnerability impacts Ruckus ZoneDirector, SmartZone, and Solo APs.
Required action
Apply updates per vendor instructions or disconnect product if it is end-of-life.
Notes
https://support.ruckuswireless.com/security_bulletins/315; https://nvd.nist.gov/vuln/detail/CVE-2023-25717
No related CVEs by CWE or product.