Main Banks Non-banking financial sector Cyber fraud

CVE-2020-8438

Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat${IFS} substring.

    Product

  • arris ruckus_zoneflex_r500_firmware 104.0.0.0.1347

Score

9

Source

http://nvd.nist.gov

Access-complexity

LOW

Access-vector

NETWORK