Remote Code Execution Vulnerability in Ruckus Wireless Products
CVE-2020-22662

7.5HIGH

Key Information:

Vendor: Ruckuswireless
Status: R310 Firmware
Vendor: CVE Published:; 20 January 2023

Summary

A security vulnerability in various Ruckus Wireless products allows attackers to exploit remote code execution capabilities. By leveraging this flaw, an attacker can modify and set unauthorized 'illegal region code' through command injection via the web interface. This manipulation not only permits the execution of illegal frequency operations but also enables the creation of multiple SSID WLAN interfaces per radio, exceeding the usual limit and potentially causing significant network interference. Moreover, the attacker is capable of unlocking hidden regions, posing a severe risk to network security.

References

https://support.ruckuswireless.com/security_bulletins/302

https://hdhrmi.blogspot.com/2020/03/multiple-vulnerabilit...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 20, 2023
Vulnerability Reserved
Aug 13, 2020