Details of VAR-202301-1662

ID

VAR-202301-1662

CVE

CVE-2020-22662

TITLE

plural Ruckus Networks ( Old Ruckus Wireless, Inc.) Command injection vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-017630

DESCRIPTION

In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to change and set unauthorized "illegal region code" by remote code Execution command injection which leads to run illegal frequency with maxi output power. Vulnerability allows attacker to create an arbitrary amount of ssid wlans interface per radio which creates overhead over noise (the default max limit is 8 ssid only per radio in solo AP). Vulnerability allows attacker to unlock hidden regions by privilege command injection in WEB GUI. plural Ruckus Networks ( Old Ruckus Wireless, Inc.) Contains a command injection vulnerability.Information may be tampered with

Trust: 1.71

sources: NVD: CVE-2020-22662 // JVNDB: JVNDB-2020-017630 // VULMON: CVE-2020-22662

IOT TAXONOMY

category:

['network device']

sub_category:

access point

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	ruckuswireless	model:	zonedirector 1100	scope:	eq	version:	9.10.2.0.130	Trust: 1.0
vendor:	ruckuswireless	model:	t301s	scope:	eq	version:	10.5.1.0.199	Trust: 1.0
vendor:	ruckuswireless	model:	r500	scope:	eq	version:	10.5.1.0.199	Trust: 1.0
vendor:	ruckuswireless	model:	r310	scope:	eq	version:	10.5.1.0.199	Trust: 1.0
vendor:	ruckuswireless	model:	r600	scope:	eq	version:	10.5.1.0.199	Trust: 1.0
vendor:	ruckuswireless	model:	t301n	scope:	eq	version:	10.5.1.0.199	Trust: 1.0
vendor:	ruckuswireless	model:	zonedirector 3000	scope:	eq	version:	10.2.1.0.218	Trust: 1.0
vendor:	ruckuswireless	model:	sz-100	scope:	lt	version:	3.6.2.0.795	Trust: 1.0
vendor:	ruckuswireless	model:	t300	scope:	eq	version:	10.5.1.0.199	Trust: 1.0
vendor:	ruckuswireless	model:	sz-300	scope:	lt	version:	3.6.2.0.795	Trust: 1.0
vendor:	ruckuswireless	model:	zonedirector 5000	scope:	eq	version:	10.0.1.0.151	Trust: 1.0
vendor:	ruckuswireless	model:	scg200	scope:	lt	version:	3.6.2.0.795	Trust: 1.0
vendor:	ruckuswireless	model:	zonedirector 1200	scope:	eq	version:	10.2.1.0.218	Trust: 1.0
vendor:	ruckuswireless	model:	vsz	scope:	lt	version:	3.6.2.0.795	Trust: 1.0
vendor:	ruckus 旧 ruckus	model:	vsz	scope:	-	version:	-	Trust: 0.8
vendor:	ruckus 旧 ruckus	model:	zonedirector 3000	scope:	-	version:	-	Trust: 0.8
vendor:	ruckus 旧 ruckus	model:	sz-100	scope:	-	version:	-	Trust: 0.8
vendor:	ruckus 旧 ruckus	model:	t300	scope:	-	version:	-	Trust: 0.8
vendor:	ruckus 旧 ruckus	model:	r310	scope:	-	version:	-	Trust: 0.8
vendor:	ruckus 旧 ruckus	model:	r600	scope:	-	version:	-	Trust: 0.8
vendor:	ruckus 旧 ruckus	model:	zonedirector 5000	scope:	-	version:	-	Trust: 0.8
vendor:	ruckus 旧 ruckus	model:	r500	scope:	-	version:	-	Trust: 0.8
vendor:	ruckus 旧 ruckus	model:	zonedirector 1100	scope:	-	version:	-	Trust: 0.8
vendor:	ruckus 旧 ruckus	model:	scg200	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-017630 // NVD: CVE-2020-22662

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-22662
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2020-22662
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-22662
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202301-1621
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-22662
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2020-22662
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-017630 // CNNVD: CNNVD-202301-1621 // NVD: CVE-2020-22662 // NVD: CVE-2020-22662

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.0
problemtype:	Command injection (CWE-77) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-017630 // NVD: CVE-2020-22662

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-1621

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202301-1621

PATCH

title:	Security Bulletin 20200302	url:	https://support.ruckuswireless.com/security_bulletins/302	Trust: 0.8
title:	Ruckus Networks Repair measures for command injection vulnerabilities in multiple products	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=223507	Trust: 0.6

sources: JVNDB: JVNDB-2020-017630 // CNNVD: CNNVD-202301-1621

EXTERNAL IDS

db:	NVD	id:	CVE-2020-22662	Trust: 3.4
db:	JVNDB	id:	JVNDB-2020-017630	Trust: 0.8
db:	CNNVD	id:	CNNVD-202301-1621	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2020-22662	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2020-22662 // JVNDB: JVNDB-2020-017630 // CNNVD: CNNVD-202301-1621 // NVD: CVE-2020-22662

REFERENCES

url:	https://support.ruckuswireless.com/security_bulletins/302	Trust: 1.7
url:	https://hdhrmi.blogspot.com/2020/03/multiple-vulnerabilities-in-ruckus.html?m=1	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2020-22662	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2020-22662/	Trust: 0.6
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2020-22662 // JVNDB: JVNDB-2020-017630 // CNNVD: CNNVD-202301-1621 // NVD: CVE-2020-22662

SOURCES

db:	OTHER	id:	-
db:	VULMON	id:	CVE-2020-22662
db:	JVNDB	id:	JVNDB-2020-017630
db:	CNNVD	id:	CNNVD-202301-1621
db:	NVD	id:	CVE-2020-22662

LAST UPDATE DATE

2025-04-04T23:31:31.610000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-22662	date:	2023-01-23T00:00:00
db:	JVNDB	id:	JVNDB-2020-017630	date:	2023-07-11T06:53:00
db:	CNNVD	id:	CNNVD-202301-1621	date:	2023-02-02T00:00:00
db:	NVD	id:	CVE-2020-22662	date:	2025-04-03T18:15:40.630

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-22662	date:	2023-01-20T00:00:00
db:	JVNDB	id:	JVNDB-2020-017630	date:	2023-07-11T00:00:00
db:	CNNVD	id:	CNNVD-202301-1621	date:	2023-01-20T00:00:00
db:	NVD	id:	CVE-2020-22662	date:	2023-01-20T19:15:13.063