Multiple Vulnerabilities in Ruckus Systems Exploited via Unauthorized Image Injection
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Two critical vulnerabilities, CVE-2020-22653 and CVE-2020-22658, were identified in Ruckus networking devices, including models R310, R500, R600, T300, and T301. Both vulnerabilities allow attackers to exploit the official image signature, enabling unauthorized image injection. CVE-2020-22653 permits attackers to force injection of an unauthorized image signature, while CVE-2020-22658 allows switching to an unauthorized image as the primary verified image. These vulnerabilities affect multiple versions of Ruckus software, with the latest updates being 10.5.1.0.199 for hardware and 3.6.2.0.795 for software. The vulnerabilities were published on January 20, 2023, and have been updated as of July 7, 2026. Organizations using affected Ruckus products are advised to apply patches to mitigate risks.
Key Points: • CVE-2020-22653 and CVE-2020-22658 affect several Ruckus networking devices. • Both vulnerabilities allow unauthorized image injection, posing significant security risks. • Patches are available, and affected organizations should update their systems immediately.