ThreatCluster

Multiple Vulnerabilities in Ruckus Systems Exploited via Unauthorized Image Injection

First seen 7 Jul 2026, 12:27 UTC nvd.nist.gov 100% similarity 71

Article Content

Browse articles
ThreatCluster

Two critical vulnerabilities, CVE-2020-22653 and CVE-2020-22658, were identified in Ruckus networking devices, including models R310, R500, R600, T300, and T301. Both vulnerabilities allow attackers to exploit the official image signature, enabling unauthorized image injection. CVE-2020-22653 permits attackers to force injection of an unauthorized image signature, while CVE-2020-22658 allows switching to an unauthorized image as the primary verified image. These vulnerabilities affect multiple versions of Ruckus software, with the latest updates being 10.5.1.0.199 for hardware and 3.6.2.0.795 for software. The vulnerabilities were published on January 20, 2023, and have been updated as of July 7, 2026. Organizations using affected Ruckus products are advised to apply patches to mitigate risks.

Key Points: • CVE-2020-22653 and CVE-2020-22658 affect several Ruckus networking devices. • Both vulnerabilities allow unauthorized image injection, posing significant security risks. • Patches are available, and affected organizations should update their systems immediately.

ThreatCluster AI

Timeline

2023-01-20
CVE-2020-22653 published
A vulnerability in Ruckus devices allows attackers to exploit image signatures for unauthorized access.
nvd.nist.gov
2023-01-20
CVE-2020-22658 published
Another vulnerability enables attackers to switch to unauthorized images as primary verified images.
nvd.nist.gov
2026-07-07
CVE records updated
NVD enrichment efforts led to updates in CVE records for both vulnerabilities, emphasizing the need for patching.
nvd.nist.gov

Community

Browse all →