CVE-2020-22654

CRITICAL

Ruckus <3.6.2.0.795 - RCE

Title source: llm

Description

In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to bypass firmware image bad md5 checksum failed error.

References (2)

[Patch, Vendor Advisory] https://support.ruckuswireless.com/security_bulletins/302

[Various Sources] https://hdhrmi.blogspot.com/2020/03/multiple-vulnerabilities-in-ruckus.html?m=1

Scores

CVSS v3 9.8

EPSS 0.0019

EPSS Percentile 40.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-494

Status published

Products (14)

ruckuswireless/r310_firmware 10.5.1.0.199

ruckuswireless/r500_firmware 10.5.1.0.199

ruckuswireless/r600_firmware 10.5.1.0.199

ruckuswireless/scg200_firmware < 3.6.2.0.795

ruckuswireless/sz-100_firmware < 3.6.2.0.795

ruckuswireless/sz-300_firmware < 3.6.2.0.795

ruckuswireless/t300_firmware 10.5.1.0.199

ruckuswireless/t301n_firmware 10.5.1.0.199

ruckuswireless/t301s_firmware 10.5.1.0.199

ruckuswireless/vsz_firmware < 3.6.2.0.795

... and 4 more

Published Jan 20, 2023

Tracked Since Feb 18, 2026