PT-2023-11636 · Ruckus · Smartzone 300+12

Published: 2023-01-20 · Updated: 2024-08-06 · CVE-2020-22662

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions

Ruckus R310 version 10.5.1.0.199
Ruckus R500 version 10.5.1.0.199
Ruckus R600 version 10.5.1.0.199
Ruckus T300 version 10.5.1.0.199
Ruckus T301n version 10.5.1.0.199
Ruckus T301s version 10.5.1.0.199
SmartCell Gateway 200 (SCG200) versions prior to 3.6.2.0.795
SmartZone 100 (SZ-100) versions prior to 3.6.2.0.795
SmartZone 300 (SZ300) versions prior to 3.6.2.0.795
Virtual SmartZone (vSZ) versions prior to 3.6.2.0.795
ZoneDirector 1100 version 9.10.2.0.130
ZoneDirector 1200 version 10.2.1.0.218
ZoneDirector 3000 version 10.2.1.0.218
ZoneDirector 5000 version 10.0.1.0.151
Description

A command injection vulnerability allows a remote attacker to set an unauthorized ("illegal") region code on the device, causing it to operate on frequencies outside its permitted regulatory domain at maximum output power. The same issue allows an attacker to create an arbitrary number of SSID WLAN interfaces per radio (the default maximum on a standalone AP is 8 SSIDs per radio), adding overhead and radio noise. In addition, an attacker can unlock hidden regions through privileged command injection in the web GUI.
Recommendations

For Ruckus R310 version 10.5.1.0.199, update to a version later than 10.5.1.0.199.
For Ruckus R500 version 10.5.1.0.199, update to a version later than 10.5.1.0.199.
For Ruckus R600 version 10.5.1.0.199, update to a version later than 10.5.1.0.199.
For Ruckus T300 version 10.5.1.0.199, update to a version later than 10.5.1.0.199.
For Ruckus T301n version 10.5.1.0.199, update to a version later than 10.5.1.0.199.
For Ruckus T301s version 10.5.1.0.199, update to a version later than 10.5.1.0.199.
For SmartCell Gateway 200 (SCG200) versions prior to 3.6.2.0.795, update to version 3.6.2.0.795 or later.
For SmartZone 100 (SZ-100) versions prior to 3.6.2.0.795, update to version 3.6.2.0.795 or later.
For SmartZone 300 (SZ300) versions prior to 3.6.2.0.795, update to version 3.6.2.0.795 or later.
For Virtual SmartZone (vSZ) versions prior to 3.6.2.0.795, update to version 3.6.2.0.795 or later.
For ZoneDirector 1100 version 9.10.2.0.130, update to a version later than 9.10.2.0.130.
For ZoneDirector 1200 version 10.2.1.0.218, update to a version later than 10.2.1.0.218.
For ZoneDirector 3000 version 10.2.1.0.218, update to a version later than 10.2.1.0.218.
For ZoneDirector 5000 version 10.0.1.0.151, update to a version later than 10.0.1.0.151.

As a temporary workaround, restrict access to the web GUI to minimize the risk of exploitation.

Fix

Weakness Enumeration

Command Injection

Related Identifiers

CVE-2020-22662

Affected Products

Ruckus R310
Ruckus R500
Ruckus R600
Ruckus T300
Ruckus T301S
Smartcell Gateway 200
Smartzone 100
Smartzone 300
Virtual Smartzone
Zonedirector 1100
Zonedirector 1200
Zonedirector 3000
Zonedirector 5000