CVE-2020-13915

{"id": "CVE-2020-13915", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-07-28T15:15:11.640", "references": [{"url": "https://support.ruckuswireless.com/security_bulletins/304", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-522"}, {"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow a remote attacker to overwrite admin credentials via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices."}, {"lang": "es", "value": "Los permisos no seguros en emfd/libemf en Ruckus Wireless Unleashed versiones hasta 200.7.10.102.92, permiten a un atacante remoto sobrescribir las credenciales de administrador por medio de una petici\u00f3n HTTP no autenticada. Esto afecta a los dispositivos C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, y T710"}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ruckuswireless:unleashed_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3C6FE6A-B160-4C64-B900-9F5637EE2EF4", "versionEndIncluding": "200.7.10.102.92"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ruckuswireless:c110:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A77671DB-6197-4C8D-B667-A0081350E5AF"}, {"criteria": "cpe:2.3:h:ruckuswireless:e510:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FBF5C92C-C889-4732-BB00-E6D55613E410"}, {"criteria": "cpe:2.3:h:ruckuswireless:h320:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "282C3A1D-711C-4415-B9BE-A9B518204AEB"}, {"criteria": "cpe:2.3:h:ruckuswireless:h510:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CB1FAB48-786A-4FB3-AB6D-3118E94E68C7"}, {"criteria": "cpe:2.3:h:ruckuswireless:m510:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D4AE7200-4090-4B81-A22F-B8553A014D21"}, {"criteria": "cpe:2.3:h:ruckuswireless:r310:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "40D3129E-4C02-484F-96B6-59D76F787D21"}, {"criteria": "cpe:2.3:h:ruckuswireless:r320:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "93CE3224-85D2-4039-8F24-BB503DFD42C2"}, {"criteria": "cpe:2.3:h:ruckuswireless:r500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9BBDBE9C-BE4B-4ED6-AF62-8FE484C519E2"}, {"criteria": "cpe:2.3:h:ruckuswireless:r510:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "80B2E8CC-EACE-4A80-9EB1-DADAB8034415"}, {"criteria": "cpe:2.3:h:ruckuswireless:r600:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5421B1D7-E630-4BDA-BA34-7DD8D0738DF4"}, {"criteria": "cpe:2.3:h:ruckuswireless:r610:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4244947C-538E-4B83-B4F4-3DD4F3C22E83"}, {"criteria": "cpe:2.3:h:ruckuswireless:r710:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E95884E9-C6AF-4106-A178-9274AD27EF65"}, {"criteria": "cpe:2.3:h:ruckuswireless:r720:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DDFDAF0A-9F5D-4E34-805E-6F27103AAA32"}, {"criteria": "cpe:2.3:h:ruckuswireless:r750:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BA49CB45-1196-4AD7-8AB6-C5593BBF015F"}, {"criteria": "cpe:2.3:h:ruckuswireless:t300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0511674E-59A6-427C-A265-B277D84DE301"}, {"criteria": "cpe:2.3:h:ruckuswireless:t301n:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EBB7A43E-F5F1-465A-841F-05214EDA6833"}, {"criteria": "cpe:2.3:h:ruckuswireless:t301s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "68C4D9AC-5B1C-4066-8216-3F7127C3CC64"}, {"criteria": "cpe:2.3:h:ruckuswireless:t310c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BFB69C4E-2B4F-4F61-8A65-9BA0354F33E3"}, {"criteria": "cpe:2.3:h:ruckuswireless:t310d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C2D3E8C6-4676-4B74-A252-132A26670C64"}, {"criteria": "cpe:2.3:h:ruckuswireless:t310n:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2ED4C9B4-7F70-4059-8592-FD3F034160C3"}, {"criteria": "cpe:2.3:h:ruckuswireless:t310s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "72378D4B-ADB5-4DE5-BB92-1778BDFD61FC"}, {"criteria": "cpe:2.3:h:ruckuswireless:t610:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "210D55AB-9305-4D0B-B9F0-47889D37373B"}, {"criteria": "cpe:2.3:h:ruckuswireless:t710:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A40B9489-D999-4355-953E-36A7F8DEF299"}, {"criteria": "cpe:2.3:h:ruckuswireless:t710s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4CFF0772-D853-4781-B326-E3BDEAC78EE0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}