VAR-201310-0309
Vulnerability from variot - Updated: 2023-12-18 12:21Ruckus Wireless Zoneflex 2942 devices with firmware 9.6.0.0.267 allow remote attackers to bypass authentication, and subsequently access certain configuration/ and maintenance/ scripts, by constructing a crafted URI after receiving an authentication error for an arbitrary login attempt. wireless LAN access point Is Zoneflex 2942 Contains an authentication bypass vulnerability. Ruckus Wireless Provided by wireless LAN Is an access point Zoneflex 2942 There is an authentication bypass vulnerability (CWE-592) Exists.A third party may access the settings screen of the product or restart the product. After receiving a verification failure message, the user can delete the /login.asp part of the URL to bypass the login page. The graphical user interface cannot access other configuration pages, but you can directly edit the URI to access the following page: /configuration/wireless.asp/configuration/local_network.asp/configuration/internet.asp/configuration/device.asp/maintenance/upgrade.asp/maintenance /reboot.asp. RUCKUS WIRELESS Zoneflex 2942 is prone to multiple authentication-bypass vulnerabilities. Successful exploits may allow attackers to reboot the access point, causing a denial-of-service condition. http://drupal.org/node/207891. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
RUCKUS ADVISORY ID 10282013
Customer release date: Oct 28, 2013 Public release date: Nov 28, 2013
TITLE
User authentication bypass vulnerability in Ruckus Access Point's administrative web interface
SUMMARY
An user authentication bypass vulnerability has been discovered in Ruckus Access Point's administrative web interface.
AFFECTED SOFTWARE VERSIONS AND DEVICES
Device Affected software
- -------------------------- ------------------ ZoneFlex Access Points 9.5.x, 9.6.x
Any products not mentioned in the table above are not affected
DETAILS
A weakness has been discovered in the administrative web interface of the Ruckus Access Point devices.
The user does not have to be authenticated to the web interface for this attack to be successful.
CVSS v2 BASE METRIC SCORE: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
WORKAROUNDS
Ruckus recommends that all customers apply the appropriate patch(es) as soon as practical. However, in the event that a patch cannot immediately be applied, the following suggestions might help reduce the risk:
-
Do not expose management interfaces of Ruckus devices (including administrative web interface) to untrusted networks such as the Internet.
-
Use a firewall to limit traffic to/from Ruckus Access Point's administrative web interface to trusted hosts.
SOLUTION
Ruckus recommends that all customers apply the appropriate patch(es) as soon as practical.
The following patches have the fix (any later patches will also have the fix):
Branch Software Patch - - ----------- ------------------ 9.5.x 9.5.3.0.44MR 9.6.x 9.6.1.0.15MR
CREDITS
This vulnerability was discovered and responsibly disclosed to Ruckus Wireless by multiple sources:
-
-
- David Peters of Ansecurity
-
-
-
- Neil Lines of Nettitude Group
-
This issue has also been reported to CERT and NVD by a third party without informing Ruckus Wireless.
http://www.kb.cert.org/vuls/id/742932 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5030
OBTAINING FIXED FIRMWARE
Ruckus customers can obtain the fixed firmware from the support website at https://support.ruckuswireless.com/
Ruckus Support can be contacted as follows:
1-855-RUCKUS1 (1-855-782-5871) (United States)
The full contact list is at:
https://support.ruckuswireless.com/contact-us
PUBLIC ANNOUNCEMENTS
This security advisory is strictly confidential and will be made available for public consumption on Nov 28, 2013 at the following source
Ruckus Website http://www.ruckuswireless.com/security
SecurityFocus Bugtraq http://www.securityfocus.com/archive/1
Future updates of this advisory, if any, will be placed on Ruckus's website, but may or may not be actively announced on mailing lists.
REVISION HISTORY
Revision 1.0 / 28th Nov 2013 / Initial release
RUCKUS WIRELESS SECURITY PROCEDURES
Complete information on reporting security vulnerabilities in Ruckus Wireless products, obtaining assistance with security incidents is available at http://www.ruckuswireless.com/security
For reporting new security issues, email can be sent to security(at)ruckuswireless.com For sensitive information we encourage the use of PGP encryption. Our public keys can be found at http://www.ruckuswireless.com/security
STATUS OF THIS NOTICE: Final
Although Ruckus cannot guarantee the accuracy of all statements in this advisory, all of the facts have been checked to the best of our ability. Ruckus does not anticipate issuing updated versions of this advisory unless there is some material change in the facts. Should there be a significant change in the facts, Ruckus may update this advisory.
(c) Copyright 2013 by Ruckus Wireless This advisory may be redistributed freely after the public release date given at the top of the text, provided that redistributed copies are complete and unmodified, including all date and version information.
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJSlnB/AAoJEFH6g5RLqzh1hoUIAMooTly+eiCi+xXnb5u7U9mW /HrBYdf6ayAIllwtBtbdeWCJd8bpxMeJzYdOY21zNQMWmUzkIREUtMqJRlHrOflT EVqQc67b+SPyGb46nKUoMe8IkYw0ZT/HBWAqbkD1CZqaXR9aPbfKvdksbQvWhXks fBTTowuvs7Ez/2FeJfZIBp3g2skK+1PwZxK8+S/AC0Mlen2MVLJNOf7ZBreZLN9f 7Xa1ZRRI4j3ehvYshUWdDS0c54Nd591PrGgFMpvWbmmOTzRRKqdzOYTanMsmbTSv Qjpu3wwbDVKuz8n7dIigOBjxHnoJqR4TbbRtYU3JOJlpwTWURif89PP45slX4vY= =pNjb -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201310-0309",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "zoneflex 2942",
"scope": "eq",
"trust": 1.6,
"vendor": "ruckuswireless",
"version": "9.6.0.0.267"
},
{
"model": "zoneflex 2942",
"scope": "eq",
"trust": 1.0,
"vendor": "ruckuswireless",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ruckus",
"version": null
},
{
"model": "zoneflex",
"scope": null,
"trust": 0.8,
"vendor": "ruckus",
"version": null
},
{
"model": "zoneflex 2942",
"scope": "lte",
"trust": 0.8,
"vendor": "ruckus",
"version": "9.6.0.0.267"
},
{
"model": "zoneflex",
"scope": "eq",
"trust": 0.6,
"vendor": "ruckus",
"version": "29429.6.0.0.267"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#742932"
},
{
"db": "CNVD",
"id": "CNVD-2013-13711"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004604"
},
{
"db": "NVD",
"id": "CVE-2013-5030"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-270"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ruckuswireless:zoneflex_2942__firmware:9.6.0.0.267:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ruckuswireless:zoneflex_2942:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5030"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MyExploit",
"sources": [
{
"db": "BID",
"id": "62941"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-270"
}
],
"trust": 0.9
},
"cve": "CVE-2013-5030",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 5.9,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 1.2,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 3.4,
"id": "CVE-2013-5030",
"impactScore": 8.5,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "NOT DEFINED",
"reportConfidence": "UNCOFIRMED",
"severity": "MEDIUM",
"targetDistribution": "LOW",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:L/AC:M/Au:N/C:P/I:C/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2013-5030",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CNVD-2013-13711",
"impactScore": 8.5,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:C/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-65032",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-5030",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-5030",
"trust": 0.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-13711",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201310-270",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-65032",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#742932"
},
{
"db": "CNVD",
"id": "CNVD-2013-13711"
},
{
"db": "VULHUB",
"id": "VHN-65032"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004604"
},
{
"db": "NVD",
"id": "CVE-2013-5030"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-270"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ruckus Wireless Zoneflex 2942 devices with firmware 9.6.0.0.267 allow remote attackers to bypass authentication, and subsequently access certain configuration/ and maintenance/ scripts, by constructing a crafted URI after receiving an authentication error for an arbitrary login attempt. wireless LAN access point Is Zoneflex 2942 Contains an authentication bypass vulnerability. Ruckus Wireless Provided by wireless LAN Is an access point Zoneflex 2942 There is an authentication bypass vulnerability (CWE-592) Exists.A third party may access the settings screen of the product or restart the product. After receiving a verification failure message, the user can delete the /login.asp part of the URL to bypass the login page. The graphical user interface cannot access other configuration pages, but you can directly edit the URI to access the following page: /configuration/wireless.asp/configuration/local_network.asp/configuration/internet.asp/configuration/device.asp/maintenance/upgrade.asp/maintenance /reboot.asp. RUCKUS WIRELESS Zoneflex 2942 is prone to multiple authentication-bypass vulnerabilities. Successful exploits may allow attackers to reboot the access point, causing a denial-of-service condition. \nhttp://drupal.org/node/207891. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n\nRUCKUS ADVISORY ID 10282013\n\nCustomer release date: Oct 28, 2013\nPublic release date: Nov 28, 2013\n\nTITLE\n\nUser authentication bypass vulnerability in Ruckus Access Point\u0027s\nadministrative web interface\n\n\nSUMMARY\n\nAn user authentication bypass vulnerability has been discovered in\nRuckus Access Point\u0027s administrative web interface. \n\n\n\nAFFECTED SOFTWARE VERSIONS AND DEVICES\n\n\n Device Affected software\n- -------------------------- ------------------\nZoneFlex Access Points 9.5.x, 9.6.x\n\nAny products not mentioned in the table above are not affected\n\n\nDETAILS\n\nA weakness has been discovered in the administrative web interface of\nthe Ruckus Access Point devices. \n\nThe user does not have to be authenticated to the web interface for\nthis attack to be successful. \n\nCVSS v2 BASE METRIC SCORE: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)\n\n\n \nWORKAROUNDS\n\nRuckus recommends that all customers apply the appropriate patch(es)\nas soon as practical. However, in the event that a patch cannot\nimmediately be applied, the following suggestions might help reduce\nthe risk:\n\n - Do not expose management interfaces of Ruckus devices (including\nadministrative web interface) to untrusted networks such as the Internet. \n\n - Use a firewall to limit traffic to/from Ruckus Access Point\u0027s\nadministrative web interface to trusted hosts. \n\n \n\nSOLUTION\n\nRuckus recommends that all customers apply the appropriate patch(es)\nas soon as practical. \n\nThe following patches have the fix (any later patches will also have\nthe fix):\n\n\nBranch Software Patch\n- - ----------- ------------------\n9.5.x 9.5.3.0.44MR\n9.6.x 9.6.1.0.15MR \n\n\n\nCREDITS\n\nThis vulnerability was discovered and responsibly disclosed to Ruckus\nWireless by multiple sources:\n\n- - - David Peters of Ansecurity\n- - - Neil Lines of Nettitude Group\n\nThis issue has also been reported to CERT and NVD by a third party\nwithout informing Ruckus Wireless. \n\nhttp://www.kb.cert.org/vuls/id/742932\nhttp://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5030\n\n\nOBTAINING FIXED FIRMWARE\n\nRuckus customers can obtain the fixed firmware from the support website at\n https://support.ruckuswireless.com/\n\nRuckus Support can be contacted as follows:\n\n 1-855-RUCKUS1 (1-855-782-5871) (United States)\n \n The full contact list is at:\n https://support.ruckuswireless.com/contact-us\n\n\nPUBLIC ANNOUNCEMENTS\n\nThis security advisory is strictly confidential and will be made\navailable for public consumption on Nov 28, 2013 at the following source\n\nRuckus Website\nhttp://www.ruckuswireless.com/security\n\nSecurityFocus Bugtraq\nhttp://www.securityfocus.com/archive/1\n\n\nFuture updates of this advisory, if any, will be placed on Ruckus\u0027s\nwebsite, but may or may not be actively announced on mailing lists. \n\nREVISION HISTORY\n\n Revision 1.0 / 28th Nov 2013 / Initial release\n\n\nRUCKUS WIRELESS SECURITY PROCEDURES\n\nComplete information on reporting security vulnerabilities in Ruckus\nWireless\nproducts, obtaining assistance with security incidents is available at\n http://www.ruckuswireless.com/security\n \n \nFor reporting new security issues, email can be sent to\nsecurity(at)ruckuswireless.com\nFor sensitive information we encourage the use of PGP encryption. Our\npublic keys can be\nfound at http://www.ruckuswireless.com/security\n\n \nSTATUS OF THIS NOTICE: Final\n\nAlthough Ruckus cannot guarantee the accuracy of all statements\nin this advisory, all of the facts have been checked to the best of our\nability. Ruckus does not anticipate issuing updated versions of\nthis advisory unless there is some material change in the facts. Should\nthere be a significant change in the facts, Ruckus may update this\nadvisory. \n\n\n(c) Copyright 2013 by Ruckus Wireless\nThis advisory may be redistributed freely after the public release\ndate given at\nthe top of the text, provided that redistributed copies are complete and\nunmodified, including all date and version information. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.18 (Darwin)\nComment: GPGTools - http://gpgtools.org\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\n\niQEcBAEBAgAGBQJSlnB/AAoJEFH6g5RLqzh1hoUIAMooTly+eiCi+xXnb5u7U9mW\n/HrBYdf6ayAIllwtBtbdeWCJd8bpxMeJzYdOY21zNQMWmUzkIREUtMqJRlHrOflT\nEVqQc67b+SPyGb46nKUoMe8IkYw0ZT/HBWAqbkD1CZqaXR9aPbfKvdksbQvWhXks\nfBTTowuvs7Ez/2FeJfZIBp3g2skK+1PwZxK8+S/AC0Mlen2MVLJNOf7ZBreZLN9f\n7Xa1ZRRI4j3ehvYshUWdDS0c54Nd591PrGgFMpvWbmmOTzRRKqdzOYTanMsmbTSv\nQjpu3wwbDVKuz8n7dIigOBjxHnoJqR4TbbRtYU3JOJlpwTWURif89PP45slX4vY=\n=pNjb\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5030"
},
{
"db": "CERT/CC",
"id": "VU#742932"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004604"
},
{
"db": "CNVD",
"id": "CNVD-2013-13711"
},
{
"db": "BID",
"id": "62941"
},
{
"db": "VULHUB",
"id": "VHN-65032"
},
{
"db": "PACKETSTORM",
"id": "124210"
}
],
"trust": 3.33
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-65032",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65032"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-5030",
"trust": 4.3
},
{
"db": "CERT/CC",
"id": "VU#742932",
"trust": 4.0
},
{
"db": "BID",
"id": "62941",
"trust": 1.6
},
{
"db": "JVN",
"id": "JVNVU99397682",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004604",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201310-270",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-13711",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "29709",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-83196",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124099",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-65032",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124210",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#742932"
},
{
"db": "CNVD",
"id": "CNVD-2013-13711"
},
{
"db": "VULHUB",
"id": "VHN-65032"
},
{
"db": "BID",
"id": "62941"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004604"
},
{
"db": "PACKETSTORM",
"id": "124210"
},
{
"db": "NVD",
"id": "CVE-2013-5030"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-270"
}
]
},
"id": "VAR-201310-0309",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13711"
},
{
"db": "VULHUB",
"id": "VHN-65032"
}
],
"trust": 1.45
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13711"
}
]
},
"last_update_date": "2023-12-18T12:21:33.937000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ZoneFlex 2942",
"trust": 0.8,
"url": "http://www.ruckuswireless.com/products/zoneflex-indoor/2942"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004604"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
},
{
"problemtype": "CWE-592",
"trust": 0.8
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#742932"
},
{
"db": "VULHUB",
"id": "VHN-65032"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004604"
},
{
"db": "NVD",
"id": "CVE-2013-5030"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://www.kb.cert.org/vuls/id/742932"
},
{
"trust": 0.9,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5030"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/592.html"
},
{
"trust": 0.8,
"url": "http://www.ruckuswireless.com/products/zoneflex-indoor/2942"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5030"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu99397682"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/62941"
},
{
"trust": 0.1,
"url": "https://support.ruckuswireless.com/contact-us"
},
{
"trust": 0.1,
"url": "https://support.ruckuswireless.com/"
},
{
"trust": 0.1,
"url": "http://enigmail.mozdev.org/"
},
{
"trust": 0.1,
"url": "http://www.ruckuswireless.com/security"
},
{
"trust": 0.1,
"url": "http://www.securityfocus.com/archive/1"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#742932"
},
{
"db": "CNVD",
"id": "CNVD-2013-13711"
},
{
"db": "VULHUB",
"id": "VHN-65032"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004604"
},
{
"db": "PACKETSTORM",
"id": "124210"
},
{
"db": "NVD",
"id": "CVE-2013-5030"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-270"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#742932"
},
{
"db": "CNVD",
"id": "CNVD-2013-13711"
},
{
"db": "VULHUB",
"id": "VHN-65032"
},
{
"db": "BID",
"id": "62941"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004604"
},
{
"db": "PACKETSTORM",
"id": "124210"
},
{
"db": "NVD",
"id": "CVE-2013-5030"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-270"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-10T00:00:00",
"db": "CERT/CC",
"id": "VU#742932"
},
{
"date": "2013-10-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13711"
},
{
"date": "2013-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-65032"
},
{
"date": "2013-10-10T00:00:00",
"db": "BID",
"id": "62941"
},
{
"date": "2013-10-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004604"
},
{
"date": "2013-11-29T14:33:33",
"db": "PACKETSTORM",
"id": "124210"
},
{
"date": "2013-10-16T10:52:44.823000",
"db": "NVD",
"id": "CVE-2013-5030"
},
{
"date": "2013-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-270"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-10T00:00:00",
"db": "CERT/CC",
"id": "VU#742932"
},
{
"date": "2013-10-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13711"
},
{
"date": "2014-04-23T00:00:00",
"db": "VULHUB",
"id": "VHN-65032"
},
{
"date": "2013-11-28T07:15:00",
"db": "BID",
"id": "62941"
},
{
"date": "2013-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004604"
},
{
"date": "2014-04-23T14:26:27.593000",
"db": "NVD",
"id": "CVE-2013-5030"
},
{
"date": "2013-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-270"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-270"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ruckus Wireless Zoneflex 2942 Wireless Access Point vulnerable to authentication bypass",
"sources": [
{
"db": "CERT/CC",
"id": "VU#742932"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-270"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…