CVE-2023-25717 — Multiple Ruckus Wireless Products CSRF and RCE Vulnerability
2023-05-12 • CISA Known Exploited Vulnerability
Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can perform cross-site request forgery (CSRF) or remote code execution (RCE). This vulnerability impacts Ruckus ZoneDirector, SmartZone, and Solo APs.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Ruckus Wireless |
| Product | Multiple Products |
| CWE | CWE-94 |
| CVE ID | CVE-2023-25717 |
| Date Added | 2023-05-12 |
| Due Date | 2023-06-02 |
| Ransomware Campaign | Unknown |
> MITIGATION
Apply updates per vendor instructions or disconnect product if it is end-of-life.
Due Date: 2023-06-02