CVE-2020-22661

MEDIUM

Ruckus APs and SmartZone Controllers - Unauthorized Backup Image Replacement

Title source: manual

Description

In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to erase the backup secondary official image and write secondary backup unauthorized image.

References (2)

Core 2

Core References

Various Sources

https://hdhrmi.blogspot.com/2020/03/multiple-vulnerabilities-in-ruckus.html?m=1

Patch, Vendor Advisory

https://support.ruckuswireless.com/security_bulletins/302

Scores

CVSS v3 6.5

EPSS 0.0052

EPSS Percentile 40.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-306

Status published

Products (14)

ruckuswireless/r310_firmware 10.5.1.0.199

ruckuswireless/r500_firmware 10.5.1.0.199

ruckuswireless/r600_firmware 10.5.1.0.199

ruckuswireless/scg200_firmware < 3.6.2.0.795

ruckuswireless/sz-100_firmware < 3.6.2.0.795

ruckuswireless/sz-300_firmware < 3.6.2.0.795

ruckuswireless/t300_firmware 10.5.1.0.199

ruckuswireless/t301n_firmware 10.5.1.0.199

ruckuswireless/t301s_firmware 10.5.1.0.199

ruckuswireless/vsz_firmware < 3.6.2.0.795

... and 4 more

Published Jan 20, 2023

Tracked Since Feb 18, 2026