CVE-2020-22658

CRITICAL

Ruckus <3.6.2.0.795 - RCE

Title source: llm
STIX 2.1

Description

In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to switch completely to unauthorized image to be Boot as primary verified image.

References (2)

Scores

CVSS v3 9.8
EPSS 0.0019
EPSS Percentile 40.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-494
Status published
Products (14)
ruckuswireless/r310_firmware 10.5.1.0.199
ruckuswireless/r500_firmware 10.5.1.0.199
ruckuswireless/r600_firmware 10.5.1.0.199
ruckuswireless/scg200_firmware < 3.6.2.0.795
ruckuswireless/sz-100_firmware < 3.6.2.0.795
ruckuswireless/sz-300_firmware < 3.6.2.0.795
ruckuswireless/t300_firmware 10.5.1.0.199
ruckuswireless/t301n_firmware 10.5.1.0.199
ruckuswireless/t301s_firmware 10.5.1.0.199
ruckuswireless/vsz_firmware < 3.6.2.0.795
... and 4 more
Published Jan 20, 2023
Tracked Since Feb 18, 2026