7.5
CVE-2020-22662
- EPSS 0.86%
- Published 20.01.2023 19:15:13
- Last modified 03.04.2025 18:15:40
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to change and set unauthorized "illegal region code" by remote code Execution command injection which leads to run illegal frequency with maxi output power. Vulnerability allows attacker to create an arbitrary amount of ssid wlans interface per radio which creates overhead over noise (the default max limit is 8 ssid only per radio in solo AP). Vulnerability allows attacker to unlock hidden regions by privilege command injection in WEB GUI.
Data is provided by the National Vulnerability Database (NVD)
Ruckuswireless ≫ R310 Firmware Version10.5.1.0.199
Ruckuswireless ≫ R500 Firmware Version10.5.1.0.199
Ruckuswireless ≫ R600 Firmware Version10.5.1.0.199
Ruckuswireless ≫ T300 Firmware Version10.5.1.0.199
Ruckuswireless ≫ T301n Firmware Version10.5.1.0.199
Ruckuswireless ≫ T301s Firmware Version10.5.1.0.199
Ruckuswireless ≫ Scg200 Firmware Version < 3.6.2.0.795
Ruckuswireless ≫ Sz-100 Firmware Version < 3.6.2.0.795
Ruckuswireless ≫ Sz-300 Firmware Version < 3.6.2.0.795
Ruckuswireless ≫ Vsz Firmware Version < 3.6.2.0.795
Ruckuswireless ≫ Zonedirector 1100 Firmware Version9.10.2.0.130
Ruckuswireless ≫ Zonedirector 1200 Firmware Version10.2.1.0.218
Ruckuswireless ≫ Zonedirector 3000 Firmware Version10.2.1.0.218
Ruckuswireless ≫ Zonedirector 5000 Firmware Version10.0.1.0.151
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.86% | 0.741 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.