在命令中使用的特殊元素转义处理不恰当(命令注入)
CVE编号
CVE-2020-22662利用情况
暂无补丁情况
N/A披露时间
2023-01-21漏洞描述
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to change and set unauthorized "illegal region code" by remote code Execution command injection which leads to run illegal frequency with maxi output power. Vulnerability allows attacker to create an arbitrary amount of ssid wlans interface per radio which creates overhead over noise (the default max limit is 8 ssid only per radio in solo AP). Vulnerability allows attacker to unlock hidden regions by privilege command injection in WEB GUI.解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接 |
|
|---|---|
| https://support.ruckuswireless.com/security_bulletins/302 |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 系统 | ruckuswireless | r310_firmware | 10.5.1.0.199 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | ruckuswireless | r500_firmware | 10.5.1.0.199 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | ruckuswireless | r600_firmware | 10.5.1.0.199 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | ruckuswireless | scg200_firmware | * | Up to (excluding) 3.6.2.0.795 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ruckuswireless | sz-100_firmware | * | Up to (excluding) 3.6.2.0.795 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ruckuswireless | sz-300_firmware | * | Up to (excluding) 3.6.2.0.795 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ruckuswireless | t300_firmware | 10.5.1.0.199 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | ruckuswireless | t301n_firmware | 10.5.1.0.199 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | ruckuswireless | t301s_firmware | 10.5.1.0.199 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | ruckuswireless | vsz_firmware | * | Up to (excluding) 3.6.2.0.795 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ruckuswireless | zonedirector_1100_firmware | 9.10.2.0.130 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | ruckuswireless | zonedirector_1200_firmware | 10.2.1.0.218 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | ruckuswireless | zonedirector_3000_firmware | 10.2.1.0.218 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | ruckuswireless | zonedirector_5000_firmware | 10.0.1.0.151 | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | ruckuswireless | r310 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | ruckuswireless | r500 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | ruckuswireless | r600 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | ruckuswireless | scg200 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | ruckuswireless | sz-100 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | ruckuswireless | sz-300 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | ruckuswireless | t300 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | ruckuswireless | t301n | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | ruckuswireless | t301s | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | ruckuswireless | vsz | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | ruckuswireless | zonedirector_1100 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | ruckuswireless | zonedirector_1200 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | ruckuswireless | zonedirector_3000 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | ruckuswireless | zonedirector_5000 | - | - | |||||
- 攻击路径 网络
- 攻击复杂度 低
- 权限要求 无
- 影响范围 未更改
- 用户交互 无
- 可用性 无
- 保密性 无
- 完整性 高
| CWE-ID | 漏洞类型 |
| CWE-77 | 在命令中使用的特殊元素转义处理不恰当(命令注入) |
Exp相关链接
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!








评论