Sign-up

ID

VAR-201805-0638


CVE

CVE-2018-11036


TITLE

Ruckus SmartZone Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-006324

DESCRIPTION

Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, 3.5.1, 3.6.0, and 3.6.1 (Essentials and High Scale) on vSZ, SZ-100, SZ-300, and SCG-200 devices allows remote attackers to obtain sensitive information or modify data. Ruckus SmartZone Contains an information disclosure vulnerability.Information may be obtained and information may be altered. RuckusvSZ and others are wireless LAN controller products from Ruckus Wireless. SmartZone is one of the operating systems. There are security holes in SmartZone on several Ruckus products. The following products and versions are affected: Ruckus SmartZone Version 3.5.0, Version 3.5.1, Version 3.6.0, 3.6.1; vSZ; SZ-100; SZ-300; SCG-200

Trust: 2.25

sources: NVD: CVE-2018-11036 // JVNDB: JVNDB-2018-006324 // CNVD: CNVD-2018-10905 // VULHUB: VHN-120855

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

category:['network device']sub_category:gateway

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2018-10905

AFFECTED PRODUCTS

vendor:ruckuswirelessmodel:sz-300scope:eqversion:3.5.0

Trust: 1.6

vendor:ruckuswirelessmodel:sz-300scope:eqversion:3.6.1

Trust: 1.6

vendor:ruckuswirelessmodel:sz-100scope:eqversion:3.6.0

Trust: 1.6

vendor:ruckuswirelessmodel:sz-100scope:eqversion:3.5.0

Trust: 1.6

vendor:ruckuswirelessmodel:sz-100scope:eqversion:3.6.1

Trust: 1.6

vendor:ruckuswirelessmodel:sz-100scope:eqversion:3.5.1

Trust: 1.6

vendor:ruckuswirelessmodel:sz-300scope:eqversion:3.6.0

Trust: 1.6

vendor:ruckuswirelessmodel:scg-200scope:eqversion:3.6.1

Trust: 1.6

vendor:ruckuswirelessmodel:sz-300scope:eqversion:3.5.1

Trust: 1.6

vendor:ruckuswirelessmodel:scg-200scope:eqversion:3.6.0

Trust: 1.6

vendor:ruckuswirelessmodel:vszscope:eqversion:3.5.0

Trust: 1.0

vendor:ruckuswirelessmodel:vszscope:eqversion:3.6.1

Trust: 1.0

vendor:ruckuswirelessmodel:vszscope:eqversion:3.6.0

Trust: 1.0

vendor:ruckuswirelessmodel:scg-200scope:eqversion:3.5.0

Trust: 1.0

vendor:ruckuswirelessmodel:vszscope:eqversion:3.5.1

Trust: 1.0

vendor:ruckuswirelessmodel:scg-200scope:eqversion:3.5.1

Trust: 1.0

vendor:ruckusmodel:scg-200scope:eqversion:3.5.0

Trust: 0.8

vendor:ruckusmodel:scg-200scope:eqversion:3.5.1

Trust: 0.8

vendor:ruckusmodel:scg-200scope:eqversion:3.6.0

Trust: 0.8

vendor:ruckusmodel:scg-200scope:eqversion:3.6.1

Trust: 0.8

vendor:ruckusmodel:sz-100scope:eqversion:3.5.0

Trust: 0.8

vendor:ruckusmodel:sz-100scope:eqversion:3.5.1

Trust: 0.8

vendor:ruckusmodel:sz-100scope:eqversion:3.6.0

Trust: 0.8

vendor:ruckusmodel:sz-100scope:eqversion:3.6.1

Trust: 0.8

vendor:ruckusmodel:sz-300scope:eqversion:3.5.0

Trust: 0.8

vendor:ruckusmodel:sz-300scope:eqversion:3.5.1

Trust: 0.8

vendor:ruckusmodel:sz-300scope:eqversion:3.6.0

Trust: 0.8

vendor:ruckusmodel:sz-300scope:eqversion:3.6.1

Trust: 0.8

vendor:ruckusmodel:vszscope:eqversion:3.5.0

Trust: 0.8

vendor:ruckusmodel:vszscope:eqversion:3.5.1

Trust: 0.8

vendor:ruckusmodel:vszscope:eqversion:3.6.0

Trust: 0.8

vendor:ruckusmodel:vszscope:eqversion:3.6.1

Trust: 0.8

vendor:ruckusmodel:wireless ruckus smartzonescope:eqversion:3.5.0

Trust: 0.6

vendor:ruckusmodel:wireless ruckus smartzonescope:eqversion:3.5.1

Trust: 0.6

vendor:ruckusmodel:wireless ruckus smartzonescope:eqversion:3.6.0

Trust: 0.6

vendor:ruckusmodel:wireless ruckus smartzonescope:eqversion:3.6.1

Trust: 0.6

sources: CNVD: CNVD-2018-10905 // JVNDB: JVNDB-2018-006324 // CNNVD: CNNVD-201805-1235 // NVD: CVE-2018-11036

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-11036
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-11036
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-10905
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201805-1235
value: MEDIUM

Trust: 0.6

VULHUB: VHN-120855
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-11036
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-10905
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-120855
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-11036
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-10905 // VULHUB: VHN-120855 // JVNDB: JVNDB-2018-006324 // CNNVD: CNNVD-201805-1235 // NVD: CVE-2018-11036

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-120855 // JVNDB: JVNDB-2018-006324 // NVD: CVE-2018-11036

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-1235

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201805-1235

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-006324

PATCH
title:Ruckus SmartZone Sensitive Information Disclosure Vulnerabilityurl:https://www.ruckuswireless.com/security/279/view/txt
Trust: 0.8
title:Patch of multiple Ruckus products SmartZone information disclosure vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/131197
Trust: 0.6
title:Multiple Ruckus product SmartZone Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81246
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-10905 // 
            
            
            
            JVNDB: JVNDB-2018-006324 // 
            
            
            
            CNNVD: CNNVD-201805-1235

EXTERNAL IDS
db:NVDid:CVE-2018-11036
Trust: 3.2
db:JVNDBid:JVNDB-2018-006324
Trust: 0.8
db:CNNVDid:CNNVD-201805-1235
Trust: 0.7
db:CNVDid:CNVD-2018-10905
Trust: 0.6
db:OTHERid:NONE
Trust: 0.1
db:VULHUBid:VHN-120855
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2018-10905 // 
            
            
            
            VULHUB: VHN-120855 // 
            
            
            
            JVNDB: JVNDB-2018-006324 // 
            
            
            
            CNNVD: CNNVD-201805-1235 // 
            
            
            
            NVD: CVE-2018-11036

REFERENCES
url:https://www.ruckuswireless.com/security/279/view/txt
Trust: 2.3
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11036
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-11036
Trust: 0.8
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2018-10905 // 
            
            
            
            VULHUB: VHN-120855 // 
            
            
            
            JVNDB: JVNDB-2018-006324 // 
            
            
            
            CNNVD: CNNVD-201805-1235 // 
            
            
            
            NVD: CVE-2018-11036

SOURCES
db:OTHERid: - 
db:CNVDid:CNVD-2018-10905
db:VULHUBid:VHN-120855
db:JVNDBid:JVNDB-2018-006324
db:CNNVDid:CNNVD-201805-1235
db:NVDid:CVE-2018-11036

LAST UPDATE DATE
2025-01-30T20:17:24.326000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-10905date:2018-06-04T00:00:00
db:VULHUBid:VHN-120855date:2018-08-01T00:00:00
db:JVNDBid:JVNDB-2018-006324date:2018-08-16T00:00:00
db:CNNVDid:CNNVD-201805-1235date:2018-06-04T00:00:00
db:NVDid:CVE-2018-11036date:2024-11-21T03:42:32.317

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-10905date:2018-06-04T00:00:00
db:VULHUBid:VHN-120855date:2018-05-31T00:00:00
db:JVNDBid:JVNDB-2018-006324date:2018-08-16T00:00:00
db:CNNVDid:CNNVD-201805-1235date:2018-06-01T00:00:00
db:NVDid:CVE-2018-11036date:2018-05-31T12:29:00.220