DDOS reflection amplification vulnerability in eAut module of Ruckus Wireless SmartZone controller that allows remote attackers to perform DOS attacks via crafted request.
References
| Link | Resource |
|---|---|
| http://ruckus.com | Not Applicable |
| http://smartzone-100.com | Broken Link |
| https://anquan.baidu.com/article/1434 | Exploit Mitigation Technical Description Third Party Advisory |
| https://github.com/lixiang957/CVE-2021-36630 | Exploit Third Party Advisory |
| https://www.commscope.com/globalassets/digizuite/921070-faq-security-advisory-id-20210719-v1-0.pdf | Vendor Advisory |
| https://www.freebuf.com/articles/web/260338.html | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
History
31 Jan 2023, 19:02
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://www.commscope.com/globalassets/digizuite/921070-faq-security-advisory-id-20210719-v1-0.pdf - Vendor Advisory | |
| References | (MISC) https://www.freebuf.com/articles/web/260338.html - Exploit, Third Party Advisory | |
| First Time |
Ruckuswireless sz-300 Firmware
Ruckuswireless vsz Firmware Ruckuswireless sz-300 Ruckuswireless vsz Ruckuswireless sz-100 Ruckuswireless sz-144 Firmware Ruckuswireless sz-144 Ruckuswireless Ruckuswireless sz-100 Firmware |
|
| CPE | cpe:2.3:a:commscope:ruckus_virtual_smartzone:-:*:*:*:*:*:*:* cpe:2.3:h:commscope:ruckus_smartzone_z100:-:*:*:*:*:*:*:* cpe:2.3:o:commscope:ruckus_smartzone_z300_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:commscope:ruckus_smartzone_z100_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:commscope:ruckus_smartzone_z300:-:*:*:*:*:*:*:* cpe:2.3:h:commscope:ruckus_smartzone_z144:-:*:*:*:*:*:*:* |
cpe:2.3:h:ruckuswireless:sz-100:-:*:*:*:*:*:*:* cpe:2.3:h:ruckuswireless:sz-144:-:*:*:*:*:*:*:* cpe:2.3:o:ruckuswireless:sz-100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ruckuswireless:vsz_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ruckuswireless:sz-300:-:*:*:*:*:*:*:* cpe:2.3:o:ruckuswireless:sz-300_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ruckuswireless:vsz:-:*:*:*:*:*:*:* cpe:2.3:o:ruckuswireless:sz-144_firmware:*:*:*:*:*:*:*:* |
27 Jan 2023, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
26 Jan 2023, 14:52
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) http://ruckus.com - Not Applicable | |
| References | (MISC) https://anquan.baidu.com/article/1434 - Exploit, Mitigation, Technical Description, Third Party Advisory | |
| References | (MISC) http://smartzone-100.com - Broken Link | |
| References | (MISC) https://github.com/lixiang957/CVE-2021-36630 - Exploit, Third Party Advisory | |
| First Time |
Commscope ruckus Smartzone Z300
Commscope Commscope ruckus Smartzone Z100 Commscope ruckus Smartzone Z300 Firmware Commscope ruckus Smartzone Z144 Commscope ruckus Smartzone Z100 Firmware Commscope ruckus Smartzone Z144 Firmware Commscope ruckus Virtual Smartzone |
|
| CWE | CWE-770 | |
| CPE | cpe:2.3:o:commscope:ruckus_smartzone_z144_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:commscope:ruckus_virtual_smartzone:-:*:*:*:*:*:*:* cpe:2.3:o:commscope:ruckus_smartzone_z300_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:commscope:ruckus_smartzone_z100:-:*:*:*:*:*:*:* cpe:2.3:o:commscope:ruckus_smartzone_z100_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:commscope:ruckus_smartzone_z300:-:*:*:*:*:*:*:* cpe:2.3:h:commscope:ruckus_smartzone_z144:-:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
23 Jan 2023, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
18 Jan 2023, 13:54
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-01-18 13:15
Updated : 2023-12-10 14:48
NVD link : CVE-2021-36630
Mitre link : CVE-2021-36630
CVE.ORG link : CVE-2021-36630
JSON object : View
Products Affected
ruckuswireless
- vsz_firmware
- sz-300
- vsz
- sz-144_firmware
- sz-300_firmware
- sz-100
- sz-100_firmware
- sz-144
CWE
CWE-770
Allocation of Resources Without Limits or Throttling