Exploit for Ruckus Wireless Admin - Remote Code Execution (CVE-2023-25717)

Description:

Ruckus Wireless Admin through 10.4 allows remote code execution via an unauthenticated HTTP GET request.

Nuclei Template

View the template here: CVE-2023-25717.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-25717.yaml

References:

https://cybir.com/2023/cve/proof-of-concept-ruckus-wireless-admin-10-4-unauthenticated-remote-code-execution-csrf-ssrf/
https://nvd.nist.gov/vuln/detail/CVE-2023-25717
https://support.ruckuswireless.com/security_bulletins/315