CVE-2020-22662: Command injection vulnerability in Ruckus wireless access points and controllers allows attackers to execute unauthorized commands, modify region codes, and create excessive SSID interfaces.


Description Preview

A command injection vulnerability (CWE-77) affects multiple Ruckus wireless devices including R310, R500, R600, T300, T301n, T301s models running firmware version 10.5.1.0.199, as well as various Ruckus controllers including SmartCell Gateway 200, SmartZone 100, SmartZone 300, Virtual SmartZone, and ZoneDirector series. This vulnerability allows remote attackers to execute arbitrary commands, change unauthorized "illegal region codes," and create excessive SSID WLAN interfaces per radio beyond the default limit of 8. The exploitation can lead to running illegal frequencies with maximum output power and unlocking hidden regions through privilege command injection in the web GUI.

Overview

This vulnerability affects multiple Ruckus wireless access points and controller products. The command injection vulnerability allows attackers to bypass security controls and execute unauthorized commands on the affected devices. The impact includes:

  1. Ability to change and set unauthorized "illegal region codes" which can lead to operating the device at illegal frequencies with maximum output power
  2. Creation of an arbitrary number of SSID WLAN interfaces per radio beyond the default limit of 8, causing overhead and noise
  3. Unlocking of hidden regions through privilege command injection in the web GUI interface

The vulnerability is particularly concerning as it could allow attackers to manipulate the wireless transmission characteristics of the devices, potentially violating regulatory requirements for radio frequency usage in different regions.

Remediation

To address this vulnerability, administrators should:

  1. Update affected devices to the following patched versions:

    • SmartCell Gateway 200 (SCG200): Update to version 3.6.2.0.795 or later
    • SmartZone 100 (SZ-100): Update to version 3.6.2.0.795 or later
    • SmartZone 300 (SZ300): Update to version 3.6.2.0.795 or later
    • Virtual SmartZone (vSZ): Update to version 3.6.2.0.795 or later
    • For R310, R500, R600, T300, T301n, T301s: Check with vendor for patched firmware versions
  2. Implement additional security measures:

    • Restrict administrative access to the web GUI to trusted networks only
    • Implement strong authentication mechanisms
    • Monitor systems for unusual activities or configuration changes
    • Deploy network segmentation to limit access to management interfaces
  3. Regularly check for and apply security updates from Ruckus as they become available
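To turn step 1 into a repeatable inventory check, the following added example (not from Armis or Ruckus) compares each device's firmware against the fixed versions listed above. It compares versions segment by segment rather than as strings, and it does not guess a fixed AP firmware, since the page gives none; hostnames and versions in the sample inventory are constructed.

```python
import re
from typing import List, Tuple

# Fixed controller versions as stated in the remediation section.
PATCHED = {
    "SCG200": "3.6.2.0.795",
    "SZ-100": "3.6.2.0.795",
    "SZ300": "3.6.2.0.795",
    "vSZ": "3.6.2.0.795",
}
# Access points named as affected; the page lists only the vulnerable build,
# so any other AP build is reported as needing vendor confirmation.
AP_AFFECTED = {"R310", "R500", "R600", "T300", "T301n", "T301s"}
AP_AFFECTED_VERSION = "10.5.1.0.199"


def parse_version(v: str) -> Tuple[int, ...]:
    """Split a dotted firmware version into integer segments so that
    3.6.10.0.1 ranks above 3.6.2.0.795 (string comparison gets this wrong)."""
    if not re.fullmatch(r"\d+(\.\d+)*", v):
        raise ValueError(f"unexpected version format: {v!r}")
    return tuple(int(p) for p in v.split("."))


def assess(model: str, version: str) -> str:
    """Return 'patched', 'vulnerable', 'verify-with-vendor' or 'not-listed'."""
    if model in PATCHED:
        fixed = parse_version(PATCHED[model])
        return "patched" if parse_version(version) >= fixed else "vulnerable"
    if model in AP_AFFECTED:
        if parse_version(version) == parse_version(AP_AFFECTED_VERSION):
            return "vulnerable"
        return "verify-with-vendor"
    return "not-listed"


# Constructed sample inventory: (hostname, model, firmware version).
INVENTORY: List[Tuple[str, str, str]] = [
    ("wlc-01.example", "SZ-100", "3.6.1.0.20"),
    ("wlc-02.example", "vSZ", "3.6.10.0.1"),
    ("ap-lobby.example", "R310", "10.5.1.0.199"),
    ("ap-dock.example", "T301n", "10.5.2.0.1"),
]


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str]]:
    """Map each host to its CVE-2020-22662 status for a remediation worklist."""
    return [(host, assess(model, ver)) for host, model, ver in inventory]


if __name__ == "__main__":
    for host, status in triage(INVENTORY):
        print(f"{host}: {status}")
```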

References

  1. Ruckus Security Bulletin: https://support.ruckuswireless.com/security_bulletins/302
  2. Vulnerability details blog post: https://hdhrmi.blogspot.com/2020/03/multiple-vulnerabilities-in-ruckus.html?m=1
  3. CWE-77: Command Injection - https://cwe.mitre.org/data/definitions/77.html

Industry Exposure (most to least)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Accommodation & Food Services
  2. Administrative, Support, Waste Management & Remediation Services
  3. Agriculture, Forestry, Fishing & Hunting
  4. Arts, Entertainment & Recreation
  5. Construction
  6. Educational Services
  7. Finance and Insurance
  8. Health Care & Social Assistance
  9. Information
  10. Management of Companies & Enterprises
  11. Manufacturing
  12. Mining
  13. Other Services (except Public Administration)
  14. Professional, Scientific, & Technical Services
  15. Public Administration
  16. Real Estate Rental & Leasing
  17. Retail Trade
  18. Transportation & Warehousing
  19. Utilities
  20. Wholesale Trade

Armis Vulnerability Intelligence Database