Actively exploited vulnerability

CVE-2023-25717: Multiple Ruckus Wireless Products CSRF and RCE Vulnerability

Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can perform cross-site request forgery (CSRF) or remote code execution (RCE). This vulnerability impacts Ruckus ZoneDirector, SmartZone, and Solo APs.

CISA KEV source 12 May 2023 added 2 Jun 2023 remediation due

Affected product

Ruckus Wireless ยท Multiple Products

Known ransomware use: Unknown

Required action

Follow the source advisory and validate exposure in your environment.

Apply updates per vendor instructions or disconnect product if it is end-of-life.

Related Yasna coverage

Recent reporting that mentions CVE-2023-25717.