cvelistv5 - cve-2016-1000216

CVE-2016-1000216 (GCVE-0-2016-1000216)

Vulnerability from cvelistv5 – Published: 2016-10-10 20:00 – Updated: 2024-08-06 03:55

Summary

Ruckus Wireless H500 web management interface authenticated command injection

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://bitbucket.org/dudux/ruckus-rootshell	x_refsource_MISC
	http://b910a83a1a1fa9c20d93-2435f2f08e773abe005b5…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/93539	vdb-entryx_refsource_BID
	http://www.tripwire.com/state-of-security/vulnera…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:55:27.651Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bitbucket.org/dudux/ruckus-rootshell"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://b910a83a1a1fa9c20d93-2435f2f08e773abe005b52170fce6d94.r84.cf2.rackcdn.com/security/faq-security-advisory-id-062117.txt"
          },
          {
            "name": "93539",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93539"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.tripwire.com/state-of-security/vulnerability-management/ruckus-vulnerability/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Ruckus Wireless H500 web management interface authenticated command injection"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-06T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bitbucket.org/dudux/ruckus-rootshell"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://b910a83a1a1fa9c20d93-2435f2f08e773abe005b52170fce6d94.r84.cf2.rackcdn.com/security/faq-security-advisory-id-062117.txt"
        },
        {
          "name": "93539",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93539"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.tripwire.com/state-of-security/vulnerability-management/ruckus-vulnerability/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-1000216",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Ruckus Wireless H500 web management interface authenticated command injection"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bitbucket.org/dudux/ruckus-rootshell",
              "refsource": "MISC",
              "url": "https://bitbucket.org/dudux/ruckus-rootshell"
            },
            {
              "name": "http://b910a83a1a1fa9c20d93-2435f2f08e773abe005b52170fce6d94.r84.cf2.rackcdn.com/security/faq-security-advisory-id-062117.txt",
              "refsource": "CONFIRM",
              "url": "http://b910a83a1a1fa9c20d93-2435f2f08e773abe005b52170fce6d94.r84.cf2.rackcdn.com/security/faq-security-advisory-id-062117.txt"
            },
            {
              "name": "93539",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93539"
            },
            {
              "name": "http://www.tripwire.com/state-of-security/vulnerability-management/ruckus-vulnerability/",
              "refsource": "MISC",
              "url": "http://www.tripwire.com/state-of-security/vulnerability-management/ruckus-vulnerability/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-1000216",
    "datePublished": "2016-10-10T20:00:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-06T03:55:27.651Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:ruckus:wireless_h500:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C92E2C9-FE89-4620-A32B-E3BF969C10B2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Ruckus Wireless H500 web management interface authenticated command injection\"}, {\"lang\": \"es\", \"value\": \"Inyecci\\u00f3n de comandos autenticados en la interfaz de administraci\\u00f3n web Ruckus Wireless H500\"}]",
      "id": "CVE-2016-1000216",
      "lastModified": "2024-11-21T02:43:00.320",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:C/I:C/A:C\", \"baseScore\": 9.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2016-10-10T20:59:35.003",
      "references": "[{\"url\": \"http://b910a83a1a1fa9c20d93-2435f2f08e773abe005b52170fce6d94.r84.cf2.rackcdn.com/security/faq-security-advisory-id-062117.txt\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/93539\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.tripwire.com/state-of-security/vulnerability-management/ruckus-vulnerability/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Technical Description\", \"Third Party Advisory\"]}, {\"url\": \"https://bitbucket.org/dudux/ruckus-rootshell\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"http://b910a83a1a1fa9c20d93-2435f2f08e773abe005b52170fce6d94.r84.cf2.rackcdn.com/security/faq-security-advisory-id-062117.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/93539\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.tripwire.com/state-of-security/vulnerability-management/ruckus-vulnerability/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Technical Description\", \"Third Party Advisory\"]}, {\"url\": \"https://bitbucket.org/dudux/ruckus-rootshell\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vendorComments": "[{\"organization\": \"Ruckus Wireless\", \"comment\": \"Update on vulnerabilities in Web GUI Interface on Ruckus Unmanaged-APs - CVE-2016-1000213, CVE-2016-1000214, CVE-2016-1000215, CVE-2016-1000216. \u003cbr /\u003e https://www.ruckuswireless.com/security \u003cbr /\u003e http://b910a83a1a1fa9c20d93-2435f2f08e773abe005b52170fce6d94.r84.cf2.rackcdn.com/security/faq-security-advisory-id-062117.txt\", \"lastModified\": \"2017-06-28T09:57:42.347\"}]",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-1000216\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2016-10-10T20:59:35.003\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Ruckus Wireless H500 web management interface authenticated command injection\"},{\"lang\":\"es\",\"value\":\"Inyecci\u00f3n de comandos autenticados en la interfaz de administraci\u00f3n web Ruckus Wireless H500\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:ruckus:wireless_h500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C92E2C9-FE89-4620-A32B-E3BF969C10B2\"}]}]}],\"references\":[{\"url\":\"http://b910a83a1a1fa9c20d93-2435f2f08e773abe005b52170fce6d94.r84.cf2.rackcdn.com/security/faq-security-advisory-id-062117.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/93539\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.tripwire.com/state-of-security/vulnerability-management/ruckus-vulnerability/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://bitbucket.org/dudux/ruckus-rootshell\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://b910a83a1a1fa9c20d93-2435f2f08e773abe005b52170fce6d94.r84.cf2.rackcdn.com/security/faq-security-advisory-id-062117.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/93539\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.tripwire.com/state-of-security/vulnerability-management/ruckus-vulnerability/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://bitbucket.org/dudux/ruckus-rootshell\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}],\"vendorComments\":[{\"organization\":\"Ruckus Wireless\",\"comment\":\"Update on vulnerabilities in Web GUI Interface on Ruckus Unmanaged-APs - CVE-2016-1000213, CVE-2016-1000214, CVE-2016-1000215, CVE-2016-1000216. \u003cbr /\u003e https://www.ruckuswireless.com/security \u003cbr /\u003e http://b910a83a1a1fa9c20d93-2435f2f08e773abe005b52170fce6d94.r84.cf2.rackcdn.com/security/faq-security-advisory-id-062117.txt\",\"lastModified\":\"2017-06-28T09:57:42.347\"}]}}"
  }
}

GHSA-66J4-C493-MF9V

Vulnerability from github – Published: 2022-05-17 02:35 – Updated: 2025-04-12 13:05

Details

Ruckus Wireless H500 web management interface authenticated command injection

Severity ?

8.8 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-1000216"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-10-10T20:59:00Z",
    "severity": "HIGH"
  },
  "details": "Ruckus Wireless H500 web management interface authenticated command injection",
  "id": "GHSA-66j4-c493-mf9v",
  "modified": "2025-04-12T13:05:24Z",
  "published": "2022-05-17T02:35:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000216"
    },
    {
      "type": "WEB",
      "url": "https://bitbucket.org/dudux/ruckus-rootshell"
    },
    {
      "type": "WEB",
      "url": "http://b910a83a1a1fa9c20d93-2435f2f08e773abe005b52170fce6d94.r84.cf2.rackcdn.com/security/faq-security-advisory-id-062117.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93539"
    },
    {
      "type": "WEB",
      "url": "http://www.tripwire.com/state-of-security/vulnerability-management/ruckus-vulnerability"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2016-09360

Vulnerability from cnvd - Published: 2016-10-18

Title

Ruckus Wireless H500命令注入漏洞

Description

Ruckus Wireless H500是美国Ruckus Wireless公司的一款室内墙面交换机接入点。web management interface是其中的一个基于Web的管理接口。 Ruckus Wireless H500 Web管理界面中存在命令注入漏洞。攻击者可利用该漏洞注入任意命令。

Severity

高

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法： http://www.ruckuswireless.com/

Reference

https://bitbucket.org/dudux/ruckus-rootshell http://www.tripwire.com/state-of-security/vulnerability-management/ruckus-vulnerability/

Impacted products

Name
Ruckus Wireless H500 web management

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-1000216"
    }
  },
  "description": "Ruckus Wireless H500\u662f\u7f8e\u56fdRuckus Wireless\u516c\u53f8\u7684\u4e00\u6b3e\u5ba4\u5185\u5899\u9762\u4ea4\u6362\u673a\u63a5\u5165\u70b9\u3002web management interface\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u57fa\u4e8eWeb\u7684\u7ba1\u7406\u63a5\u53e3\u3002\r\n\r\nRuckus Wireless H500 Web\u7ba1\u7406\u754c\u9762\u4e2d\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610f\u547d\u4ee4\u3002",
  "discovererName": "unknown",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttp://www.ruckuswireless.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-09360",
  "openTime": "2016-10-18",
  "products": {
    "product": "Ruckus Wireless H500 web management"
  },
  "referenceLink": "https://bitbucket.org/dudux/ruckus-rootshell\r\nhttp://www.tripwire.com/state-of-security/vulnerability-management/ruckus-vulnerability/",
  "serverity": "\u9ad8",
  "submitTime": "2016-10-13",
  "title": "Ruckus Wireless H500\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

VAR-201610-0377

Vulnerability from variot - Updated: 2023-12-18 12:20

Ruckus Wireless H500 web management interface authenticated command injection. RUCKUS ZoneFlex H500 is prone to a remote command-injection vulnerability because it fails to properly sanitize user-supplied input. Successfully exploiting this issue may allow an attacker to execute arbitrary commands in context of the affected device. Ruckus Wireless H500 is an indoor wall switch access point of Ruckus Wireless in the United States

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201610-0377",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "wireless h500",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ruckus",
        "version": null
      },
      {
        "model": "zoneflex h500",
        "scope": null,
        "trust": 0.8,
        "vendor": "ruckus",
        "version": null
      },
      {
        "model": "zoneflex h500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruckuswireless",
        "version": "100.1.0.0.432"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "93539"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005423"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1000216"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-260"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:ruckus:wireless_h500:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1000216"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Craig Young",
    "sources": [
      {
        "db": "BID",
        "id": "93539"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-1000216",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2016-1000216",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "VHN-88668",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-1000216",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-1000216",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201610-260",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-88668",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-88668"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005423"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1000216"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-260"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ruckus Wireless H500 web management interface authenticated command injection. RUCKUS ZoneFlex H500 is prone to a remote command-injection vulnerability because it fails to properly sanitize user-supplied input. \nSuccessfully exploiting this issue may allow an attacker to execute arbitrary commands in context of the affected device. Ruckus Wireless H500 is an indoor wall switch access point of Ruckus Wireless in the United States",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1000216"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005423"
      },
      {
        "db": "BID",
        "id": "93539"
      },
      {
        "db": "VULHUB",
        "id": "VHN-88668"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-1000216",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "93539",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005423",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-260",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-88668",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-88668"
      },
      {
        "db": "BID",
        "id": "93539"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005423"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1000216"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-260"
      }
    ]
  },
  "id": "VAR-201610-0377",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-88668"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:20:19.138000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Owning Ruckus Wireless Access Points",
        "trust": 0.8,
        "url": "https://bitbucket.org/dudux/ruckus-rootshell"
      },
      {
        "title": "ZoneFlex H500",
        "trust": 0.8,
        "url": "https://www.ruckuswireless.com/products/access-points/zoneflex-indoor/zoneflex-h500"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005423"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-88668"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005423"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1000216"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "http://www.tripwire.com/state-of-security/vulnerability-management/ruckus-vulnerability/"
      },
      {
        "trust": 2.0,
        "url": "https://bitbucket.org/dudux/ruckus-rootshell"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/93539"
      },
      {
        "trust": 1.1,
        "url": "http://b910a83a1a1fa9c20d93-2435f2f08e773abe005b52170fce6d94.r84.cf2.rackcdn.com/security/faq-security-advisory-id-062117.txt"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1000216"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1000216"
      },
      {
        "trust": 0.3,
        "url": "http://www.ruckuswireless.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-88668"
      },
      {
        "db": "BID",
        "id": "93539"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005423"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1000216"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-260"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-88668"
      },
      {
        "db": "BID",
        "id": "93539"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005423"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1000216"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-260"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-10-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-88668"
      },
      {
        "date": "2016-08-03T00:00:00",
        "db": "BID",
        "id": "93539"
      },
      {
        "date": "2016-10-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005423"
      },
      {
        "date": "2016-10-10T20:59:35.003000",
        "db": "NVD",
        "id": "CVE-2016-1000216"
      },
      {
        "date": "2016-10-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-260"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-88668"
      },
      {
        "date": "2016-10-26T04:09:00",
        "db": "BID",
        "id": "93539"
      },
      {
        "date": "2016-10-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005423"
      },
      {
        "date": "2017-07-07T01:29:00.433000",
        "db": "NVD",
        "id": "CVE-2016-1000216"
      },
      {
        "date": "2016-10-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-260"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-260"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ruckus Wireless H500 of  Web Command insertion vulnerability in the management interface",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005423"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-260"
      }
    ],
    "trust": 0.6
  }
}

GSD-2016-1000216

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Ruckus Wireless H500 web management interface authenticated command injection

Aliases

CVE-2016-1000216

Aliases

CVE-2016-1000216

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-1000216",
    "description": "Ruckus Wireless H500 web management interface authenticated command injection",
    "id": "GSD-2016-1000216"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-1000216"
      ],
      "details": "Ruckus Wireless H500 web management interface authenticated command injection",
      "id": "GSD-2016-1000216",
      "modified": "2023-12-13T01:21:18.014125Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2016-1000216",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Ruckus Wireless H500 web management interface authenticated command injection"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bitbucket.org/dudux/ruckus-rootshell",
            "refsource": "MISC",
            "url": "https://bitbucket.org/dudux/ruckus-rootshell"
          },
          {
            "name": "http://b910a83a1a1fa9c20d93-2435f2f08e773abe005b52170fce6d94.r84.cf2.rackcdn.com/security/faq-security-advisory-id-062117.txt",
            "refsource": "CONFIRM",
            "url": "http://b910a83a1a1fa9c20d93-2435f2f08e773abe005b52170fce6d94.r84.cf2.rackcdn.com/security/faq-security-advisory-id-062117.txt"
          },
          {
            "name": "93539",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/93539"
          },
          {
            "name": "http://www.tripwire.com/state-of-security/vulnerability-management/ruckus-vulnerability/",
            "refsource": "MISC",
            "url": "http://www.tripwire.com/state-of-security/vulnerability-management/ruckus-vulnerability/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:ruckus:wireless_h500:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-1000216"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Ruckus Wireless H500 web management interface authenticated command injection"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bitbucket.org/dudux/ruckus-rootshell",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://bitbucket.org/dudux/ruckus-rootshell"
            },
            {
              "name": "http://www.tripwire.com/state-of-security/vulnerability-management/ruckus-vulnerability/",
              "refsource": "MISC",
              "tags": [
                "Technical Description",
                "Third Party Advisory"
              ],
              "url": "http://www.tripwire.com/state-of-security/vulnerability-management/ruckus-vulnerability/"
            },
            {
              "name": "93539",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/93539"
            },
            {
              "name": "http://b910a83a1a1fa9c20d93-2435f2f08e773abe005b52170fce6d94.r84.cf2.rackcdn.com/security/faq-security-advisory-id-062117.txt",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://b910a83a1a1fa9c20d93-2435f2f08e773abe005b52170fce6d94.r84.cf2.rackcdn.com/security/faq-security-advisory-id-062117.txt"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-07-07T01:29Z",
      "publishedDate": "2016-10-10T20:59Z"
    }
  }
}

FKIE_CVE-2016-1000216

Vulnerability from fkie_nvd - Published: 2016-10-10 20:59 - Updated: 2025-04-12 10:46

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Ruckus Wireless H500 web management interface authenticated command injection

References

URL	Tags
cve@mitre.org	http://b910a83a1a1fa9c20d93-2435f2f08e773abe005b52170fce6d94.r84.cf2.rackcdn.com/security/faq-security-advisory-id-062117.txt
cve@mitre.org	http://www.securityfocus.com/bid/93539	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.tripwire.com/state-of-security/vulnerability-management/ruckus-vulnerability/	Technical Description, Third Party Advisory
cve@mitre.org	https://bitbucket.org/dudux/ruckus-rootshell	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://b910a83a1a1fa9c20d93-2435f2f08e773abe005b52170fce6d94.r84.cf2.rackcdn.com/security/faq-security-advisory-id-062117.txt
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93539	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.tripwire.com/state-of-security/vulnerability-management/ruckus-vulnerability/	Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bitbucket.org/dudux/ruckus-rootshell	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	ruckus	wireless_h500	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ruckus:wireless_h500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C92E2C9-FE89-4620-A32B-E3BF969C10B2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Ruckus Wireless H500 web management interface authenticated command injection"
    },
    {
      "lang": "es",
      "value": "Inyecci\u00f3n de comandos autenticados en la interfaz de administraci\u00f3n web Ruckus Wireless H500"
    }
  ],
  "id": "CVE-2016-1000216",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-10-10T20:59:35.003",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://b910a83a1a1fa9c20d93-2435f2f08e773abe005b52170fce6d94.r84.cf2.rackcdn.com/security/faq-security-advisory-id-062117.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93539"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "http://www.tripwire.com/state-of-security/vulnerability-management/ruckus-vulnerability/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://bitbucket.org/dudux/ruckus-rootshell"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://b910a83a1a1fa9c20d93-2435f2f08e773abe005b52170fce6d94.r84.cf2.rackcdn.com/security/faq-security-advisory-id-062117.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "http://www.tripwire.com/state-of-security/vulnerability-management/ruckus-vulnerability/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://bitbucket.org/dudux/ruckus-rootshell"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Update on vulnerabilities in Web GUI Interface on Ruckus Unmanaged-APs - CVE-2016-1000213, CVE-2016-1000214, CVE-2016-1000215, CVE-2016-1000216. \u003cbr /\u003e https://www.ruckuswireless.com/security \u003cbr /\u003e http://b910a83a1a1fa9c20d93-2435f2f08e773abe005b52170fce6d94.r84.cf2.rackcdn.com/security/faq-security-advisory-id-062117.txt",
      "lastModified": "2017-06-28T09:57:42.347",
      "organization": "Ruckus Wireless"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-1000216 (GCVE-0-2016-1000216)

GHSA-66J4-C493-MF9V

CNVD-2016-09360

VAR-201610-0377

GSD-2016-1000216

FKIE_CVE-2016-1000216

Tags

Sightings

Nomenclature