CVE-2023-7338
Received Received - Intake
Remote Code Execution in Ruckus Unleashed Management Interface

Publication date: 2026-03-26

Last updated on: 2026-03-26

Assigner: VulnCheck

Description
Ruckus Unleashed contains a remote code execution vulnerability in the web-based management interface that allows authenticated remote attackers to execute arbitrary code on the system when gateway mode is enabled. Attackers can exploit this vulnerability by sending specially crafted requests through the management interface to achieve arbitrary code execution on affected systems.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-26
Last Modified
2026-03-26
Generated
2026-06-16
AI Q&A
2026-03-27
EPSS Evaluated
2026-06-15
NVD
CVE-2023-7338
EUVD
EUVD-2023-60539
Affected Vendors & Products
Showing 30 associated CPEs
Vendor Product Version / Range
ruckus_wireless ruckus_unleashed From 6.1.2 (inc) to 7.1.1 (inc)
ruckus_wireless ruckus_h350 *
ruckus_wireless ruckus_h550 *
ruckus_wireless ruckus_r350 *
ruckus_wireless ruckus_r550 *
ruckus_wireless ruckus_r650 *
ruckus_wireless ruckus_r750 *
ruckus_wireless ruckus_r850 *
ruckus_wireless ruckus_t350c *
ruckus_wireless ruckus_t350d *
ruckus_wireless ruckus_t350se *
ruckus_wireless ruckus_t750 *
ruckus_wireless ruckus_t750se *
ruckus_wireless ruckus_c110 *
ruckus_wireless ruckus_e510 *
ruckus_wireless ruckus_h320 *
ruckus_wireless ruckus_h510 *
ruckus_wireless ruckus_m510-jp *
ruckus_wireless ruckus_r320 *
ruckus_wireless ruckus_r510 *
ruckus_wireless ruckus_r610 *
ruckus_wireless ruckus_r710 *
ruckus_wireless ruckus_r720 *
ruckus_wireless ruckus_t310c *
ruckus_wireless ruckus_t310d *
ruckus_wireless ruckus_t310n *
ruckus_wireless ruckus_t310s *
ruckus_wireless ruckus_t610 *
ruckus_wireless ruckus_t710 *
ruckus_wireless ruckus_t710s *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2023-7338 is a remote code execution vulnerability found in the web-based management interface of Ruckus Unleashed devices. This flaw allows an authenticated remote attacker to execute arbitrary code on the affected system when the device is operating in gateway mode. The attacker exploits this vulnerability by sending specially crafted requests through the management interface, which leads to the execution of unauthorized commands on the device.

The vulnerability affects multiple Ruckus products, including various Wi-Fi 6 access points and wireless hubs, such as the H350, H550, R350, R550, R650, R750, R850, and several T-series models. These devices support advanced wireless features and are commonly used in residential and small business networks.

Impact Analysis

This vulnerability can have serious impacts because it allows an authenticated attacker to remotely execute arbitrary code on the affected device. This means the attacker could potentially take full control of the device, leading to compromise of the network managed by it.

  • Unauthorized control over the device and its functions.
  • Potential disruption of network services and availability.
  • Exposure of sensitive data due to compromised device confidentiality.
  • Integrity of network operations could be undermined by malicious commands.
Detection Guidance

This vulnerability affects Ruckus Unleashed devices operating in gateway mode and can be exploited via the web-based management interface by authenticated users sending specially crafted requests.

To detect this vulnerability on your network or system, you should first identify if any Ruckus Unleashed or affected Ruckus devices (such as H350, H550, R350, R550, R650, R750, R850, T350c/d/se, T750/SE, and others) are operating in gateway mode.

Since the vulnerability requires authenticated access and specially crafted requests, detection can involve monitoring for unusual or unauthorized access attempts to the web management interface, especially requests that attempt command injection.

Specific commands or tools to detect this vulnerability are not provided in the available resources.

Mitigation Strategies

Immediate mitigation steps include applying the relevant patches or updates provided by Ruckus Wireless as detailed in their Security Bulletin 20230731.

Additionally, if possible, disable gateway mode on affected devices until patches can be applied, as the vulnerability specifically arises when gateway mode is enabled.

Restrict access to the web-based management interface to trusted administrators only and enforce strong authentication controls to reduce the risk of exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-7338. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart