CVE-2017-6229

Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and Ruckus Networks Zone Director firmware releases 10.1.0.0.x, 9.10.2.0.x, 9.12.3.0.x, 9.13.3.0.x, 10.0.1.0.x or before contain authenticated Root Command Injection in the CLI that could allow authenticated valid users to execute privileged commands on the respective systems.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:ruckuswireless:r500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r500:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:ruckuswireless:r600_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r600:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:ruckuswireless:r310_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r310:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:ruckuswireless:h320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:h320:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:ruckuswireless:h510_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:h510:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:ruckuswireless:r710_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r710:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:ruckuswireless:r720_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r720:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:ruckuswireless:t300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t300:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:ruckuswireless:t301_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t301:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:ruckuswireless:t300e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t300e:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:ruckuswireless:t610_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t610:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:ruckuswireless:t710_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ruckuswireless:t710:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:ruckuswireless:r510_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r510:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
OR cpe:2.3:o:ruckuswireless:zonedirector_1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ruckuswireless:zonedirector_1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ruckuswireless:zonedirector_1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ruckuswireless:zonedirector_1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ruckuswireless:zonedirector_1200_firmware:10.1.0.0.1515:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:zonedirector_1200:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
OR cpe:2.3:o:ruckuswireless:zonedirector_3000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ruckuswireless:zonedirector_3000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ruckuswireless:zonedirector_3000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ruckuswireless:zonedirector_3000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ruckuswireless:zonedirector_3000_firmware:10.1.0.0.1515:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:zonedirector_3000:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:29

Type Values Removed Values Added
References () https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-20180202-v1.0.txt - Vendor Advisory () https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-20180202-v1.0.txt - Vendor Advisory

Information

Published : 2018-02-14 19:29

Updated : 2024-11-21 03:29


NVD link : CVE-2017-6229

Mitre link : CVE-2017-6229

CVE.ORG link : CVE-2017-6229


JSON object : View

Products Affected

ruckuswireless

  • r500_firmware
  • h320_firmware
  • h510
  • t710
  • h320
  • r310_firmware
  • zonedirector_1200
  • t610
  • zonedirector_3000_firmware
  • r710
  • t301_firmware
  • t610_firmware
  • t300e
  • r600
  • r720
  • r510
  • h510_firmware
  • r710_firmware
  • r720_firmware
  • zonedirector_1200_firmware
  • r310
  • t300
  • t301
  • zonedirector_3000
  • r510_firmware
  • t300_firmware
  • r600_firmware
  • t300e_firmware
  • r500
  • t710_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')