CVE-2020-13915
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow a remote attacker to overwrite admin credentials via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510, R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices.
Affected (1)
Products: Ruckuswireless: Unleashed Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Ruckuswireless Unleashed Firmware | Up to 200.7.10.102.92 |

| Running on/with | Platform Versions |
|---|---|
| Ruckuswireless C110 | All versions |
| Ruckuswireless E510 | All versions |
| Ruckuswireless H320 | All versions |
| Ruckuswireless H510 | All versions |
| Ruckuswireless M510 | All versions |
| Ruckuswireless R310 | All versions |
| Ruckuswireless R320 | All versions |
| Ruckuswireless R500 | All versions |
| Ruckuswireless R510 | All versions |
| Ruckuswireless R600 | All versions |
| Ruckuswireless R610 | All versions |
| Ruckuswireless R710 | All versions |
| Ruckuswireless R720 | All versions |
| Ruckuswireless R750 | All versions |
| Ruckuswireless T300 | All versions |
| Ruckuswireless T301n | All versions |
| Ruckuswireless T301s | All versions |
| Ruckuswireless T310c | All versions |
| Ruckuswireless T310d | All versions |
| Ruckuswireless T310n | All versions |
| Ruckuswireless T310s | All versions |
| Ruckuswireless T610 | All versions |
| Ruckuswireless T710 | All versions |
| Ruckuswireless T710s | All versions |
Related CWEs
CWE-522
Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
CWE-732
Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
References (2)
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory