CVE-2023-25717

Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cybir.com/2023/cve/proof-of-concept-ruckus-wireless-admin-10-4-unauthenticated-remote-code-execution-csrf-ssrf/	Exploit Third Party Advisory
https://support.ruckuswireless.com/security_bulletins/315	Patch Product Vendor Advisory
https://cybir.com/2023/cve/proof-of-concept-ruckus-wireless-admin-10-4-unauthenticated-remote-code-execution-csrf-ssrf/	Exploit Third Party Advisory
https://support.ruckuswireless.com/security_bulletins/315	Patch Product Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ruckuswireless:ruckus_wireless_admin::::::::
	cpe:2.3:o:ruckuswireless:smartzone_ap::::::::

OR	cpe:2.3:h:ruckuswireless:e510:-:::::::*
	cpe:2.3:h:ruckuswireless:h320:-:::::::*
	cpe:2.3:h:ruckuswireless:h350:-:::::::*
	cpe:2.3:h:ruckuswireless:h510:-:::::::*
	cpe:2.3:h:ruckuswireless:h550:-:::::::*
	cpe:2.3:h:ruckuswireless:m510:-:::::::*
	cpe:2.3:h:ruckuswireless:r310:-:::::::*
	cpe:2.3:h:ruckuswireless:r320:-:::::::*
	cpe:2.3:h:ruckuswireless:r350:-:::::::*
	cpe:2.3:h:ruckuswireless:r510:-:::::::*
	cpe:2.3:h:ruckuswireless:r550:-:::::::*
	cpe:2.3:h:ruckuswireless:r610:-:::::::*
	cpe:2.3:h:ruckuswireless:r650:-:::::::*
	cpe:2.3:h:ruckuswireless:r710:-:::::::*
	cpe:2.3:h:ruckuswireless:r720:-:::::::*
	cpe:2.3:h:ruckuswireless:r730:-:::::::*
	cpe:2.3:h:ruckuswireless:r750:-:::::::*
	cpe:2.3:h:ruckuswireless:r760:-:::::::*
	cpe:2.3:h:ruckuswireless:r850:-:::::::*
	cpe:2.3:h:ruckuswireless:sz-144:-:::::::*
	cpe:2.3:h:ruckuswireless:sz100:-:::::::*
	cpe:2.3:h:ruckuswireless:sz300:-:::::::*
	cpe:2.3:h:ruckuswireless:t310c:-:::::::*
	cpe:2.3:h:ruckuswireless:t310d:-:::::::*
	cpe:2.3:h:ruckuswireless:t310n:-:::::::*
	cpe:2.3:h:ruckuswireless:t310s:-:::::::*
	cpe:2.3:h:ruckuswireless:t350c:-:::::::*
	cpe:2.3:h:ruckuswireless:t350d:-:::::::*
	cpe:2.3:h:ruckuswireless:t350se:-:::::::*
	cpe:2.3:h:ruckuswireless:t610:-:::::::*
	cpe:2.3:h:ruckuswireless:t710:-:::::::*
	cpe:2.3:h:ruckuswireless:t710s:-:::::::*
	cpe:2.3:h:ruckuswireless:t750:-:::::::*
	cpe:2.3:h:ruckuswireless:t750se:-:::::::*
	cpe:2.3:h:ruckuswireless:t811-cm:-:::::::*

Configuration 2 (hide)

AND

OR	cpe:2.3:a:ruckuswireless:ruckus_wireless_admin::::::::
	cpe:2.3:o:ruckuswireless:smartzone_ap::::::::

OR	cpe:2.3:h:ruckuswireless:e510:-:::::::*
	cpe:2.3:h:ruckuswireless:h320:-:::::::*
	cpe:2.3:h:ruckuswireless:h510:-:::::::*
	cpe:2.3:h:ruckuswireless:m510:-:::::::*
	cpe:2.3:h:ruckuswireless:r310:-:::::::*
	cpe:2.3:h:ruckuswireless:r320:-:::::::*
	cpe:2.3:h:ruckuswireless:r500:-:::::::*
	cpe:2.3:h:ruckuswireless:r510:-:::::::*
	cpe:2.3:h:ruckuswireless:r550:-:::::::*
	cpe:2.3:h:ruckuswireless:r600:-:::::::*
	cpe:2.3:h:ruckuswireless:r610:-:::::::*
	cpe:2.3:h:ruckuswireless:r650:-:::::::*
	cpe:2.3:h:ruckuswireless:r710:-:::::::*
	cpe:2.3:h:ruckuswireless:r720:-:::::::*
	cpe:2.3:h:ruckuswireless:r730:-:::::::*
	cpe:2.3:h:ruckuswireless:r750:-:::::::*
	cpe:2.3:h:ruckuswireless:r850:-:::::::*
	cpe:2.3:h:ruckuswireless:t300:-:::::::*
	cpe:2.3:h:ruckuswireless:t301n:-:::::::*
	cpe:2.3:h:ruckuswireless:t301s:-:::::::*
	cpe:2.3:h:ruckuswireless:t310c:-:::::::*
	cpe:2.3:h:ruckuswireless:t310d:-:::::::*
	cpe:2.3:h:ruckuswireless:t310n:-:::::::*
	cpe:2.3:h:ruckuswireless:t310s:-:::::::*
	cpe:2.3:h:ruckuswireless:t504:-:::::::*
	cpe:2.3:h:ruckuswireless:t610:-:::::::*
	cpe:2.3:h:ruckuswireless:t710:-:::::::*
	cpe:2.3:h:ruckuswireless:t710s:-:::::::*
	cpe:2.3:h:ruckuswireless:t750:-:::::::*
	cpe:2.3:h:ruckuswireless:t750se:-:::::::*
	cpe:2.3:h:ruckuswireless:t811-cm:-:::::::*

Configuration 3 (hide)

AND

OR	cpe:2.3:a:ruckuswireless:ruckus_wireless_admin::::::::
	cpe:2.3:o:ruckuswireless:smartzone_ap::::::::

OR	cpe:2.3:h:ruckuswireless:h500:-:::::::*
	cpe:2.3:h:ruckuswireless:r300:-:::::::*
	cpe:2.3:h:ruckuswireless:r700:-:::::::*

Configuration 4 (hide)

AND

OR	cpe:2.3:a:ruckuswireless:ruckus_wireless_admin::::::::
	cpe:2.3:o:ruckuswireless:smartzone_ap::::::::

cpe:2.3:h:ruckuswireless:r560:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:a:ruckuswireless:ruckus_wireless_admin::::::::
	cpe:2.3:o:commscope:ruckus_smartzone_firmware::::::::

OR	cpe:2.3:h:ruckuswireless:sz-144:-:::::::*
	cpe:2.3:h:ruckuswireless:sz300:-:::::::*

Configuration 6 (hide)

AND

OR	cpe:2.3:a:ruckuswireless:ruckus_wireless_admin::::::::
	cpe:2.3:o:commscope:ruckus_smartzone_firmware:6.1.0.0.935:::::::*

OR	cpe:2.3:h:ruckuswireless:sz-144:-:::::::*
	cpe:2.3:h:ruckuswireless:sz100:-:::::::*
	cpe:2.3:h:ruckuswireless:sz300:-:::::::*

Configuration 7 (hide)

AND

cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:ruckuswireless:m510-jp:-:::::::*
	cpe:2.3:h:ruckuswireless:p300:-:::::::*
	cpe:2.3:h:ruckuswireless:q410:-:::::::*
	cpe:2.3:h:ruckuswireless:q710:-:::::::*
	cpe:2.3:h:ruckuswireless:q910:-:::::::*
	cpe:2.3:h:ruckuswireless:t811-cm$non-spf$:-:::::::*
	cpe:2.3:h:ruckuswireless:zd1000:-:::::::*
	cpe:2.3:h:ruckuswireless:zd1100:-:::::::*
	cpe:2.3:h:ruckuswireless:zd1200:-:::::::*
	cpe:2.3:h:ruckuswireless:zd3000:-:::::::*
	cpe:2.3:h:ruckuswireless:zd5000:-:::::::*

Configuration 8 (hide)

AND

OR	cpe:2.3:a:ruckuswireless:ruckus_wireless_admin::::::::
	cpe:2.3:o:commscope:ruckus_smartzone_firmware::::::::

OR	cpe:2.3:h:ruckuswireless:sz-144-federal:-:::::::*
	cpe:2.3:h:ruckuswireless:sz300-federal:-:::::::*

History

22 Aug 2025, 21:09

Type	Values Removed	Values Added
CPE	cpe:2.3:o:ruckuswireless:smartzone:::::::: cpe:2.3:o:ruckuswireless:smartzone:6.1.0.0.935:::::::*	cpe:2.3:o:commscope:ruckus_smartzone_firmware:::::::: cpe:2.3:o:commscope:ruckus_smartzone_firmware:6.1.0.0.935:::::::*
First Time		Commscope ruckus Smartzone Firmware Commscope

21 Nov 2024, 07:49

Type	Values Removed	Values Added
References	~~() https://cybir.com/2023/cve/proof-of-concept-ruckus-wireless-admin-10-4-unauthenticated-remote-code-execution-csrf-ssrf/ - Exploit, Third Party Advisory~~	() https://cybir.com/2023/cve/proof-of-concept-ruckus-wireless-admin-10-4-unauthenticated-remote-code-execution-csrf-ssrf/ - Exploit, Third Party Advisory
References	~~() https://support.ruckuswireless.com/security_bulletins/315 - Patch, Product, Vendor Advisory~~	() https://support.ruckuswireless.com/security_bulletins/315 - Patch, Product, Vendor Advisory
Summary		(es) Ruckus Wireless Admin hasta la versión 10.4 permite la ejecución remota de código a través de una solicitud HTTP GET no autenticada, como lo demuestra /forms/doLogin?login_username=admin&password=password$(curl substring.

Information

Published : 2023-02-13 20:15

Updated : 2025-08-22 21:09

NVD link : CVE-2023-25717

Mitre link : CVE-2023-25717

CVE.ORG link : CVE-2023-25717

JSON object : View

Products Affected

ruckuswireless

r510
t750
r550
sz-144
t301n
r610
q910
r320
t310d
t710
h500
t310s
r700
r560
q410
zd3000
smartzone_ap
zd1100
r710
t750se
zd1200
t504
zd1000
r760
sz300
p300
t350se
r500
r600
r350
sz300-federal
h510
ruckus_wireless_admin
e510
m510
r720
r310
sz-144-federal
h350
t301s
t350c
t350d
zd5000
t310n
t811-cm
t300
t811-cm$non-spf$
r650
q710
r850
r300
h550
r730
t610
sz100
h320
t710s
m510-jp
r750
t310c

commscope

ruckus_smartzone_firmware

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

9.8 /10