Vulnerability in Ruckus Wireless Products Leading to Unauthorized Image Signature Injection
CVE-2020-22659

7.5HIGH

Key Information:

Vendor: Ruckuswireless
Status: R310 Firmware
Vendor: CVE Published:; 20 January 2023

Summary

A vulnerability exists in several Ruckus Wireless devices that allows attackers to exploit the official image signature mechanism. This flaw enables unauthorized image signature injection, compromising device integrity and security. Affected versions span across various models, including the R310, R500, R600, and several ZoneDirector products, necessitating urgent attention from users to ensure they are not at risk.

References

https://support.ruckuswireless.com/security_bulletins/302

https://hdhrmi.blogspot.com/2020/03/multiple-vulnerabilit...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 20, 2023
Vulnerability Reserved
Aug 13, 2020