Lucene search

MitreCVE-2020-22662

HistoryJan 20, 2023 - 7:15 p.m.

CVE-2020-22662

2023-01-2019:15:13

CWE-77

mitre

web.nvd.nist.gov

cve-2020-22662

ruckus

remote code execution

command injection

ssid creation

security vulnerability

nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

58.5%

JSON

In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to change and set unauthorized “illegal region code” by remote code Execution command injection which leads to run illegal frequency with maxi output power. Vulnerability allows attacker to create an arbitrary amount of ssid wlans interface per radio which creates overhead over noise (the default max limit is 8 ssid only per radio in solo AP). Vulnerability allows attacker to unlock hidden regions by privilege command injection in WEB GUI.

Affected configurations

Nvd

Node

ruckuswirelessr310_firmwareMatch10.5.1.0.199

AND

ruckuswirelessr310Match-

Node

ruckuswirelessr500_firmwareMatch10.5.1.0.199

AND

ruckuswirelessr500Match-

Node

ruckuswirelessr600_firmwareMatch10.5.1.0.199

AND

ruckuswirelessr600Match-

Node

ruckuswirelesst300_firmwareMatch10.5.1.0.199

AND

ruckuswirelesst300Match-

Node

ruckuswirelesst301n_firmwareMatch10.5.1.0.199

AND

ruckuswirelesst301nMatch-

Node

ruckuswirelesst301s_firmwareMatch10.5.1.0.199

AND

ruckuswirelesst301sMatch-

Node

ruckuswirelessscg200_firmwareRange<3.6.2.0.795

AND

ruckuswirelessscg200Match-

Node

ruckuswirelesssz-100_firmwareRange<3.6.2.0.795

AND

ruckuswirelesssz-100Match-

Node

ruckuswirelesssz-300_firmwareRange<3.6.2.0.795

AND

ruckuswirelesssz-300Match-

Node

ruckuswirelessvsz_firmwareRange<3.6.2.0.795

AND

ruckuswirelessvszMatch-

Node

ruckuswirelesszonedirector_1100_firmwareMatch9.10.2.0.130

AND

ruckuswirelesszonedirector_1100Match-

Node

ruckuswirelesszonedirector_1200_firmwareMatch10.2.1.0.218

AND

ruckuswirelesszonedirector_1200Match-

Node

ruckuswirelesszonedirector_3000_firmwareMatch10.2.1.0.218

AND

ruckuswirelesszonedirector_3000Match-

Node

ruckuswirelesszonedirector_5000_firmwareMatch10.0.1.0.151

AND

ruckuswirelesszonedirector_5000Match-

VendorProductVersionCPE
ruckuswirelessr310_firmware10.5.1.0.199cpe:2.3:o:ruckuswireless:r310_firmware:10.5.1.0.199:*:*:*:*:*:*:*
ruckuswirelessr310-cpe:2.3:h:ruckuswireless:r310:-:*:*:*:*:*:*:*
ruckuswirelessr500_firmware10.5.1.0.199cpe:2.3:o:ruckuswireless:r500_firmware:10.5.1.0.199:*:*:*:*:*:*:*
ruckuswirelessr500-cpe:2.3:h:ruckuswireless:r500:-:*:*:*:*:*:*:*
ruckuswirelessr600_firmware10.5.1.0.199cpe:2.3:o:ruckuswireless:r600_firmware:10.5.1.0.199:*:*:*:*:*:*:*
ruckuswirelessr600-cpe:2.3:h:ruckuswireless:r600:-:*:*:*:*:*:*:*
ruckuswirelesst300_firmware10.5.1.0.199cpe:2.3:o:ruckuswireless:t300_firmware:10.5.1.0.199:*:*:*:*:*:*:*
ruckuswirelesst300-cpe:2.3:h:ruckuswireless:t300:-:*:*:*:*:*:*:*
ruckuswirelesst301n_firmware10.5.1.0.199cpe:2.3:o:ruckuswireless:t301n_firmware:10.5.1.0.199:*:*:*:*:*:*:*
ruckuswirelesst301n-cpe:2.3:h:ruckuswireless:t301n:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ruckuswireless	r310_firmware	10.5.1.0.199	cpe:2.3:o:ruckuswireless:r310_firmware:10.5.1.0.199:::::::*
ruckuswireless	r310	-	cpe:2.3:h:ruckuswireless:r310:-:::::::*
ruckuswireless	r500_firmware	10.5.1.0.199	cpe:2.3:o:ruckuswireless:r500_firmware:10.5.1.0.199:::::::*
ruckuswireless	r500	-	cpe:2.3:h:ruckuswireless:r500:-:::::::*
ruckuswireless	r600_firmware	10.5.1.0.199	cpe:2.3:o:ruckuswireless:r600_firmware:10.5.1.0.199:::::::*
ruckuswireless	r600	-	cpe:2.3:h:ruckuswireless:r600:-:::::::*
ruckuswireless	t300_firmware	10.5.1.0.199	cpe:2.3:o:ruckuswireless:t300_firmware:10.5.1.0.199:::::::*
ruckuswireless	t300	-	cpe:2.3:h:ruckuswireless:t300:-:::::::*
ruckuswireless	t301n_firmware	10.5.1.0.199	cpe:2.3:o:ruckuswireless:t301n_firmware:10.5.1.0.199:::::::*
ruckuswireless	t301n	-	cpe:2.3:h:ruckuswireless:t301n:-:::::::*

Rows per page:

1-10 of 281

References

hdhrmi.blogspot.com/2020/03/multiple-vulnerabilities-in-ruckus.html?m=1

support.ruckuswireless.com/security_bulletins/302

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

58.5%

JSON

Related for CVE-2020-22662