CVE-2020-22662

20.01.2023, 19:15

In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to change and set unauthorized "illegal region code" by remote code Execution command injection which leads to run illegal frequency with maxi output power. Vulnerability allows attacker to create an arbitrary amount of ssid wlans interface per radio which creates overhead over noise (the default max limit is 8 ssid only per radio in solo AP). Vulnerability allows attacker to unlock hidden regions by privilege command injection in WEB GUI.

Command Injection

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
mitre	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 78%

Vendor	Product	Version
ruckuswireless	r310_firmware	10.5.1.0.199
ruckuswireless	r500_firmware	10.5.1.0.199
ruckuswireless	r600_firmware	10.5.1.0.199
ruckuswireless	t300_firmware	10.5.1.0.199
ruckuswireless	t301n_firmware	10.5.1.0.199
ruckuswireless	t301s_firmware	10.5.1.0.199
ruckuswireless	scg200_firmware	𝑥 < 3.6.2.0.795
ruckuswireless	sz-100_firmware	𝑥 < 3.6.2.0.795
ruckuswireless	sz-300_firmware	𝑥 < 3.6.2.0.795
ruckuswireless	vsz_firmware	𝑥 < 3.6.2.0.795
ruckuswireless	zonedirector_1100_firmware	9.10.2.0.130
ruckuswireless	zonedirector_1200_firmware	10.2.1.0.218
ruckuswireless	zonedirector_3000_firmware	10.2.1.0.218
ruckuswireless	zonedirector_5000_firmware	10.0.1.0.151

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References

https://hdhrmi.blogspot.com/2020/03/multiple-vulnerabilities-in-ruckus.html?m=1

https://support.ruckuswireless.com/security_bulletins/302