CVE-2017-6229

Published: Feb 14, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and Ruckus Networks Zone Director firmware releases 10.1.0.0.x, 9.10.2.0.x, 9.12.3.0.x, 9.13.3.0.x, 10.0.1.0.x or before contain authenticated Root Command Injection in the CLI that could allow authenticated valid users to execute privileged commands on the respective systems.

Affected (23)

Products: Ruckuswireless: R500 Firmware, R600 Firmware, R310 Firmware, H320 Firmware, H510 Firmware, R710 Firmware, R720 Firmware, T300 Firmware, T301 Firmware, T300e Firmware, T610 Firmware, T710 Firmware, R510 Firmware, Zonedirector 1200 Firmware, Zonedirector 3000 Firmware

15 products

Zonedirector 1200 Firmware

Zonedirector 3000 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruckuswireless R500 Firmware	Before 200.6.10.1.0

Running on/with	Platform Versions
Ruckuswireless R500	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruckuswireless R600 Firmware	Before 200.6.10.1.0

Running on/with	Platform Versions
Ruckuswireless R600	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruckuswireless R310 Firmware	Before 200.6.10.1.0

Running on/with	Platform Versions
Ruckuswireless R310	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruckuswireless H320 Firmware	Before 200.6.10.1.0

Running on/with	Platform Versions
Ruckuswireless H320	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruckuswireless H510 Firmware	Before 200.6.10.1.0

Running on/with	Platform Versions
Ruckuswireless H510	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruckuswireless R710 Firmware	Before 200.6.10.1.0

Running on/with	Platform Versions
Ruckuswireless R710	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruckuswireless R720 Firmware	Before 200.6.10.1.0

Running on/with	Platform Versions
Ruckuswireless R720	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruckuswireless T300 Firmware	Before 200.6.10.1.0

Running on/with	Platform Versions
Ruckuswireless T300	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruckuswireless T301 Firmware	Before 200.6.10.1.0

Running on/with	Platform Versions
Ruckuswireless T301	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruckuswireless T300e Firmware	Before 200.6.10.1.0

Running on/with	Platform Versions
Ruckuswireless T300e	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruckuswireless T610 Firmware	Before 200.6.10.1.0

Running on/with	Platform Versions
Ruckuswireless T610	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruckuswireless T710 Firmware	Before 200.6.10.1.0

Running on/with	Platform Versions
Ruckuswireless T710	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruckuswireless R510 Firmware	Before 200.6.10.1.0

Running on/with	Platform Versions
Ruckuswireless R510	All versions

Configuration N

5 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruckuswireless Zonedirector 1200 Firmware	From 10.0.1.0.17 to 10.0.1.0.44
Ruckuswireless Zonedirector 1200 Firmware	From 9.10.2.0.11 to 9.10.2.0.53
Ruckuswireless Zonedirector 1200 Firmware	From 9.12.3.0.28 to 9.12.3.0.83
Ruckuswireless Zonedirector 1200 Firmware	From 9.13.3.0.22 to 9.13.3.0.145
Ruckuswireless Zonedirector 1200 Firmware	Version 10.1.0.0.1515

Running on/with	Platform Versions
Ruckuswireless Zonedirector 1200	All versions

Configuration O

5 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruckuswireless Zonedirector 3000 Firmware	From 10.0.1.0.17 to 10.0.1.0.44
Ruckuswireless Zonedirector 3000 Firmware	From 9.10.2.0.11 to 9.10.2.0.53
Ruckuswireless Zonedirector 3000 Firmware	From 9.12.3.0.28 to 9.12.3.0.83
Ruckuswireless Zonedirector 3000 Firmware	From 9.13.3.0.22 to 9.13.3.0.145
Ruckuswireless Zonedirector 3000 Firmware	Version 10.1.0.0.1515

Running on/with	Platform Versions
Ruckuswireless Zonedirector 3000	All versions

Related CWEs

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (2)

https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-20180202-v1.0.txt

Source: sirt@brocade.com

Vendor Advisory

https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-20180202-v1.0.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.