CVE-2020-22662

moderate-risk
Published 2023-01-20

In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to change and set unauthorized "illegal region code" by remote code Execution command injection which leads to run illegal frequency with maxi output power. Vulnerability allows attacker to create an arbitrary amount of ssid wlans interface per radio which creates overhead over noise (the default max limit is 8 ssid only per radio in solo AP). Vulnerability allows attacker to unlock hidden regions by privilege command injection in WEB GUI.

Do I need to act?

-
0.85% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (14)

R310 Firmware
R500 Firmware
R600 Firmware
T300 Firmware
T301N Firmware
T301S Firmware
Scg200 Firmware
Sz-100 Firmware
Sz-300 Firmware
Vsz Firmware
Zonedirector 1100 Firmware
Zonedirector 3000 Firmware
Zonedirector 5000 Firmware

Affected Vendors

Ruckuswireless

References (3)

https://hdhrmi.blogspot.com/2020/03/multiple-vulnerabilities-in-ruckus.html?m=1
Patch https://support.ruckuswireless.com/security_bulletins/302
Patch https://support.ruckuswireless.com/security_bulletins/302
47
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 3/34 · Minimal
Exposure 18/34 · Moderate