Details of VAR-201610-0375

ID

VAR-201610-0375

CVE

CVE-2016-1000214

TITLE

Ruckus Wireless H500 Authentication Bypass Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2016-10446 // CNNVD: CNNVD-201610-735

DESCRIPTION

Ruckus Wireless H500 web management interface authentication bypass. The Ruckus Wireless H500 is an indoor wall switch access point for Ruckus Wireless in the United States. Webmanagementinterface is one of the web-based management interfaces. An attacker could exploit the vulnerability to bypass security restrictions by sending a request with a specially crafted string

Trust: 2.25

sources: NVD: CVE-2016-1000214 // JVNDB: JVNDB-2016-005623 // CNVD: CNVD-2016-10446 // VULHUB: VHN-88666

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-10446

AFFECTED PRODUCTS

vendor:	ruckus	model:	wireless h500	scope:	eq	version:	-	Trust: 1.6
vendor:	ruckus	model:	zoneflex h500	scope:	-	version:	-	Trust: 0.8
vendor:	ruckus	model:	h500	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2016-10446 // JVNDB: JVNDB-2016-005623 // CNNVD: CNNVD-201610-735 // NVD: CVE-2016-1000214

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1000214
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-1000214
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2016-10446
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201610-735
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-88666
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-1000214
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-10446
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-88666
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1000214
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-10446 // VULHUB: VHN-88666 // JVNDB: JVNDB-2016-005623 // CNNVD: CNNVD-201610-735 // NVD: CVE-2016-1000214

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.9
problemtype:	CWE-287	Trust: 1.9

sources: VULHUB: VHN-88666 // JVNDB: JVNDB-2016-005623 // NVD: CVE-2016-1000214

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-735

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201610-735

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005623

PATCH

title:

ZoneFlex H500

url:

https://www.ruckuswireless.com/products/access-points/zoneflex-indoor/zoneflex-h500

Trust: 0.8

sources: JVNDB: JVNDB-2016-005623

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1000214	Trust: 3.1
db:	JVNDB	id:	JVNDB-2016-005623	Trust: 0.8
db:	CNNVD	id:	CNNVD-201610-735	Trust: 0.7
db:	CNVD	id:	CNVD-2016-10446	Trust: 0.6
db:	VULHUB	id:	VHN-88666	Trust: 0.1

sources: CNVD: CNVD-2016-10446 // VULHUB: VHN-88666 // JVNDB: JVNDB-2016-005623 // CNNVD: CNNVD-201610-735 // NVD: CVE-2016-1000214

REFERENCES

url:	https://www.tripwire.com/state-of-security/vulnerability-management/ruckus-vulnerability/	Trust: 3.1
url:	http://b910a83a1a1fa9c20d93-2435f2f08e773abe005b52170fce6d94.r84.cf2.rackcdn.com/security/faq-security-advisory-id-062117.txt	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1000214	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1000214	Trust: 0.8

sources: CNVD: CNVD-2016-10446 // VULHUB: VHN-88666 // JVNDB: JVNDB-2016-005623 // CNNVD: CNNVD-201610-735 // NVD: CVE-2016-1000214

SOURCES

db:	CNVD	id:	CNVD-2016-10446
db:	VULHUB	id:	VHN-88666
db:	JVNDB	id:	JVNDB-2016-005623
db:	CNNVD	id:	CNNVD-201610-735
db:	NVD	id:	CVE-2016-1000214

LAST UPDATE DATE

2025-04-13T23:09:28.939000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-10446	date:	2016-11-01T00:00:00
db:	VULHUB	id:	VHN-88666	date:	2017-07-07T00:00:00
db:	JVNDB	id:	JVNDB-2016-005623	date:	2016-10-31T00:00:00
db:	CNNVD	id:	CNNVD-201610-735	date:	2016-10-26T00:00:00
db:	NVD	id:	CVE-2016-1000214	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-10446	date:	2016-11-01T00:00:00
db:	VULHUB	id:	VHN-88666	date:	2016-10-25T00:00:00
db:	JVNDB	id:	JVNDB-2016-005623	date:	2016-10-31T00:00:00
db:	CNNVD	id:	CNNVD-201610-735	date:	2016-10-26T00:00:00
db:	NVD	id:	CVE-2016-1000214	date:	2016-10-25T14:29:06.260