PT-2023-11627 · Ruckus · Smartzone 300+12

Published

2023-01-20

·

Updated

2025-04-03

·

CVE-2020-22653

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Ruckus R310 version 10.5.1.0.199 Ruckus R500 version 10.5.1.0.199 Ruckus R600 version 10.5.1.0.199 Ruckus T300 version 10.5.1.0.199 Ruckus T301n version 10.5.1.0.199 Ruckus T301s version 10.5.1.0.199 SmartCell Gateway 200 (SCG200) versions prior to 3.6.2.0.795 SmartZone 100 (SZ-100) versions prior to 3.6.2.0.795 SmartZone 300 (SZ300) versions prior to 3.6.2.0.795 Virtual SmartZone (vSZ) versions prior to 3.6.2.0.795 ZoneDirector 1100 version 9.10.2.0.130 ZoneDirector 1200 version 10.2.1.0.218 ZoneDirector 3000 version 10.2.1.0.218 ZoneDirector 5000 version 10.0.1.0.151
Description A vulnerability allows attackers to exploit the official image signature to force injection of an unauthorized image signature.
Recommendations For Ruckus R310 version 10.5.1.0.199, update to a version that fixes the vulnerability. For Ruckus R500 version 10.5.1.0.199, update to a version that fixes the vulnerability. For Ruckus R600 version 10.5.1.0.199, update to a version that fixes the vulnerability. For Ruckus T300 version 10.5.1.0.199, update to a version that fixes the vulnerability. For Ruckus T301n version 10.5.1.0.199, update to a version that fixes the vulnerability. For Ruckus T301s version 10.5.1.0.199, update to a version that fixes the vulnerability. For SmartCell Gateway 200 (SCG200) versions prior to 3.6.2.0.795, update to version 3.6.2.0.795 or later. For SmartZone 100 (SZ-100) versions prior to 3.6.2.0.795, update to version 3.6.2.0.795 or later. For SmartZone 300 (SZ300) versions prior to 3.6.2.0.795, update to version 3.6.2.0.795 or later. For Virtual SmartZone (vSZ) versions prior to 3.6.2.0.795, update to version 3.6.2.0.795 or later. For ZoneDirector 1100 version 9.10.2.0.130, update to a version that fixes the vulnerability. For ZoneDirector 1200 version 10.2.1.0.218, update to a version that fixes the vulnerability. For ZoneDirector 3000 version 10.2.1.0.218, update to a version that fixes the vulnerability. For ZoneDirector 5000 version 10.0.1.0.151, update to a version that fixes the vulnerability.

Fix

Improper Verification of Cryptographic Signature

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-347

Related Identifiers

CVE-2020-22653

Affected Products

Ruckus R310
Ruckus R500
Ruckus R600
Ruckus T300
Ruckus T301S
Smartcell Gateway 200
Smartzone 100
Smartzone 300
Virtual Smartzone
Zonedirector 1100
Zonedirector 1200
Zonedirector 3000
Zonedirector 5000