Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-22662

In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to change and set unauthorized "illegal region code" by remote code Execution command injection which leads to run illegal frequency with maxi output power. Vulnerability allows attacker to create an arbitrary amount of ssid wlans interface per radio which creates overhead over noise (the default max limit is 8 ssid only per radio in solo AP). Vulnerability allows attacker to unlock hidden regions by privilege command injection in WEB GUI.

Published

2023-01-20T19:15:13.063

Last Modified

2025-04-03T18:15:40.630

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
CWE-77
Type: Secondary
CWE-77

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	ruckuswireless	r310_firmware	10.5.1.0.199	Yes
Hardware	ruckuswireless	r310	-	No
Operating System	ruckuswireless	r500_firmware	10.5.1.0.199	Yes
Hardware	ruckuswireless	r500	-	No
Operating System	ruckuswireless	r600_firmware	10.5.1.0.199	Yes
Hardware	ruckuswireless	r600	-	No
Operating System	ruckuswireless	t300_firmware	10.5.1.0.199	Yes
Hardware	ruckuswireless	t300	-	No
Operating System	ruckuswireless	t301n_firmware	10.5.1.0.199	Yes
Hardware	ruckuswireless	t301n	-	No
Operating System	ruckuswireless	t301s_firmware	10.5.1.0.199	Yes
Hardware	ruckuswireless	t301s	-	No
Operating System	ruckuswireless	scg200_firmware	< 3.6.2.0.795	Yes
Hardware	ruckuswireless	scg200	-	No
Operating System	ruckuswireless	sz-100_firmware	< 3.6.2.0.795	Yes
Hardware	ruckuswireless	sz-100	-	No
Operating System	ruckuswireless	sz-300_firmware	< 3.6.2.0.795	Yes
Hardware	ruckuswireless	sz-300	-	No
Operating System	ruckuswireless	vsz_firmware	< 3.6.2.0.795	Yes
Hardware	ruckuswireless	vsz	-	No
Operating System	ruckuswireless	zonedirector_1100_firmware	9.10.2.0.130	Yes
Hardware	ruckuswireless	zonedirector_1100	-	No
Operating System	ruckuswireless	zonedirector_1200_firmware	10.2.1.0.218	Yes
Hardware	ruckuswireless	zonedirector_1200	-	No
Operating System	ruckuswireless	zonedirector_3000_firmware	10.2.1.0.218	Yes
Hardware	ruckuswireless	zonedirector_3000	-	No
Operating System	ruckuswireless	zonedirector_5000_firmware	10.0.1.0.151	Yes
Hardware	ruckuswireless	zonedirector_5000	-	No

References

https://hdhrmi.blogspot.com/2020/03/multiple-vulnerabilities-in-ruckus.html?m=1 ([email protected])
https://support.ruckuswireless.com/security_bulletins/302 Patch, Vendor Advisory ([email protected])
https://support.ruckuswireless.com/security_bulletins/302 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)