CVE-2020-22658

EPSS 0.17%
Published 20.01.2023 19:15:12
Last modified 03.04.2025 21:15:37
Source cve@mitre.org
Teams watchlist Login
Open Login

In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to switch completely to unauthorized image to be Boot as primary verified image.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Ruckuswireless ≫ R310 Firmware Version10.5.1.0.199

Ruckuswireless ≫ R310 Version-

Ruckuswireless ≫ R500 Firmware Version10.5.1.0.199

Ruckuswireless ≫ R500 Version-

Ruckuswireless ≫ R600 Firmware Version10.5.1.0.199

Ruckuswireless ≫ R600 Version-

Ruckuswireless ≫ T300 Firmware Version10.5.1.0.199

Ruckuswireless ≫ T300 Version-

Ruckuswireless ≫ T301n Firmware Version10.5.1.0.199

Ruckuswireless ≫ T301n Version-

Ruckuswireless ≫ T301s Firmware Version10.5.1.0.199

Ruckuswireless ≫ T301s Version-

Ruckuswireless ≫ Scg200 Firmware Version < 3.6.2.0.795

Ruckuswireless ≫ Scg200 Version-

Ruckuswireless ≫ Sz-100 Firmware Version < 3.6.2.0.795

Ruckuswireless ≫ Sz-100 Version-

Ruckuswireless ≫ Sz-300 Firmware Version < 3.6.2.0.795

Ruckuswireless ≫ Sz-300 Version-

Ruckuswireless ≫ Vsz Firmware Version < 3.6.2.0.795

Ruckuswireless ≫ Vsz Version-

Ruckuswireless ≫ Zonedirector 1100 Firmware Version9.10.2.0.130

Ruckuswireless ≫ Zonedirector 1100 Version-

Ruckuswireless ≫ Zonedirector 1200 Firmware Version10.2.1.0.218

Ruckuswireless ≫ Zonedirector 1200 Version-

Ruckuswireless ≫ Zonedirector 3000 Firmware Version10.2.1.0.218

Ruckuswireless ≫ Zonedirector 3000 Version-

Ruckuswireless ≫ Zonedirector 5000 Firmware Version10.0.1.0.151

Ruckuswireless ≫ Zonedirector 5000 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.17%	0.358

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-494 Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

https://hdhrmi.blogspot.com/2020/03/multiple-vulnerabilities-in-ruckus.html?m=1

https://support.ruckuswireless.com/security_bulletins/302

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-22658

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-22658

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-22658

EUVD