CVE-2020-22653

Published: Jan 20, 2023Modified: Apr 3, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to exploit the official image signature to force injection unauthorized image signature.

Affected (14)

Products: Ruckuswireless: R310 Firmware, R500 Firmware, R600 Firmware, T300 Firmware, T301n Firmware, T301s Firmware, Scg200 Firmware, Sz 100 Firmware, Sz 300 Firmware, Vsz Firmware, Zonedirector 1100 Firmware, Zonedirector 1200 Firmware, Zonedirector 3000 Firmware, Zonedirector 5000 Firmware

14 products

Zonedirector 1100 Firmware

Zonedirector 1200 Firmware

Zonedirector 3000 Firmware

Zonedirector 5000 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruckuswireless R310 Firmware	Version 10.5.1.0.199

Running on/with	Platform Versions
Ruckuswireless R310	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruckuswireless R500 Firmware	Version 10.5.1.0.199

Running on/with	Platform Versions
Ruckuswireless R500	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruckuswireless R600 Firmware	Version 10.5.1.0.199

Running on/with	Platform Versions
Ruckuswireless R600	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruckuswireless T300 Firmware	Version 10.5.1.0.199

Running on/with	Platform Versions
Ruckuswireless T300	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruckuswireless T301n Firmware	Version 10.5.1.0.199

Running on/with	Platform Versions
Ruckuswireless T301n	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruckuswireless T301s Firmware	Version 10.5.1.0.199

Running on/with	Platform Versions
Ruckuswireless T301s	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruckuswireless Scg200 Firmware	Before 3.6.2.0.795

Running on/with	Platform Versions
Ruckuswireless Scg200	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruckuswireless Sz 100 Firmware	Before 3.6.2.0.795

Running on/with	Platform Versions
Ruckuswireless Sz 100	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruckuswireless Sz 300 Firmware	Before 3.6.2.0.795

Running on/with	Platform Versions
Ruckuswireless Sz 300	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruckuswireless Vsz Firmware	Before 3.6.2.0.795

Running on/with	Platform Versions
Ruckuswireless Vsz	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruckuswireless Zonedirector 1100 Firmware	Version 9.10.2.0.130

Running on/with	Platform Versions
Ruckuswireless Zonedirector 1100	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruckuswireless Zonedirector 1200 Firmware	Version 10.2.1.0.218

Running on/with	Platform Versions
Ruckuswireless Zonedirector 1200	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruckuswireless Zonedirector 3000 Firmware	Version 10.2.1.0.218

Running on/with	Platform Versions
Ruckuswireless Zonedirector 3000	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruckuswireless Zonedirector 5000 Firmware	Version 10.0.1.0.151

Running on/with	Platform Versions
Ruckuswireless Zonedirector 5000	All versions

Related CWEs

CWE-347

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (3)

https://hdhrmi.blogspot.com/2020/03/multiple-vulnerabilities-in-ruckus.html?m=1

Source: cve@mitre.org

https://support.ruckuswireless.com/security_bulletins/302

Source: cve@mitre.org

PatchVendor Advisory

https://support.ruckuswireless.com/security_bulletins/302

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.