Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-22655

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-20 Jan, 2023 | 00:00
Updated At-03 Apr, 2025 | 18:03
Rejected At-
Credits

In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to persistently to writing unauthorized image.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:20 Jan, 2023 | 00:00
Updated At:03 Apr, 2025 | 18:03
Rejected At:
▼CVE Numbering Authority (CNA)

In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to persistently to writing unauthorized image.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.ruckuswireless.com/security_bulletins/302
N/A
https://hdhrmi.blogspot.com/2020/03/multiple-vulnerabilities-in-ruckus.html?m=1
N/A
Hyperlink: https://support.ruckuswireless.com/security_bulletins/302
Resource: N/A
Hyperlink: https://hdhrmi.blogspot.com/2020/03/multiple-vulnerabilities-in-ruckus.html?m=1
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.ruckuswireless.com/security_bulletins/302
x_transferred
Hyperlink: https://support.ruckuswireless.com/security_bulletins/302
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-284CWE-284 Improper Access Control
Type: CWE
CWE ID: CWE-284
Description: CWE-284 Improper Access Control
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:20 Jan, 2023 | 19:15
Updated At:03 Apr, 2025 | 18:15

In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to persistently to writing unauthorized image.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CPE Matches
ruckuswireless
ruckuswireless
>>r310_firmware>>10.5.1.0.199
cpe:2.3:o:ruckuswireless:r310_firmware:10.5.1.0.199:*:*:*:*:*:*:*
ruckuswireless
ruckuswireless
>>r310>>-
cpe:2.3:h:ruckuswireless:r310:-:*:*:*:*:*:*:*
ruckuswireless
ruckuswireless
>>r500_firmware>>10.5.1.0.199
cpe:2.3:o:ruckuswireless:r500_firmware:10.5.1.0.199:*:*:*:*:*:*:*
ruckuswireless
ruckuswireless
>>r500>>-
cpe:2.3:h:ruckuswireless:r500:-:*:*:*:*:*:*:*
ruckuswireless
ruckuswireless
>>r600_firmware>>10.5.1.0.199
cpe:2.3:o:ruckuswireless:r600_firmware:10.5.1.0.199:*:*:*:*:*:*:*
ruckuswireless
ruckuswireless
>>r600>>-
cpe:2.3:h:ruckuswireless:r600:-:*:*:*:*:*:*:*
ruckuswireless
ruckuswireless
>>t300_firmware>>10.5.1.0.199
cpe:2.3:o:ruckuswireless:t300_firmware:10.5.1.0.199:*:*:*:*:*:*:*
ruckuswireless
ruckuswireless
>>t300>>-
cpe:2.3:h:ruckuswireless:t300:-:*:*:*:*:*:*:*
ruckuswireless
ruckuswireless
>>t301n_firmware>>10.5.1.0.199
cpe:2.3:o:ruckuswireless:t301n_firmware:10.5.1.0.199:*:*:*:*:*:*:*
ruckuswireless
ruckuswireless
>>t301n>>-
cpe:2.3:h:ruckuswireless:t301n:-:*:*:*:*:*:*:*
ruckuswireless
ruckuswireless
>>t301s_firmware>>10.5.1.0.199
cpe:2.3:o:ruckuswireless:t301s_firmware:10.5.1.0.199:*:*:*:*:*:*:*
ruckuswireless
ruckuswireless
>>t301s>>-
cpe:2.3:h:ruckuswireless:t301s:-:*:*:*:*:*:*:*
ruckuswireless
ruckuswireless
>>scg200_firmware>>Versions before 3.6.2.0.795(exclusive)
cpe:2.3:o:ruckuswireless:scg200_firmware:*:*:*:*:*:*:*:*
ruckuswireless
ruckuswireless
>>scg200>>-
cpe:2.3:h:ruckuswireless:scg200:-:*:*:*:*:*:*:*
ruckuswireless
ruckuswireless
>>sz-100_firmware>>Versions before 3.6.2.0.795(exclusive)
cpe:2.3:o:ruckuswireless:sz-100_firmware:*:*:*:*:*:*:*:*
ruckuswireless
ruckuswireless
>>sz-100>>-
cpe:2.3:h:ruckuswireless:sz-100:-:*:*:*:*:*:*:*
ruckuswireless
ruckuswireless
>>sz-300_firmware>>Versions before 3.6.2.0.795(exclusive)
cpe:2.3:o:ruckuswireless:sz-300_firmware:*:*:*:*:*:*:*:*
ruckuswireless
ruckuswireless
>>sz-300>>-
cpe:2.3:h:ruckuswireless:sz-300:-:*:*:*:*:*:*:*
ruckuswireless
ruckuswireless
>>vsz_firmware>>Versions before 3.6.2.0.795(exclusive)
cpe:2.3:o:ruckuswireless:vsz_firmware:*:*:*:*:*:*:*:*
ruckuswireless
ruckuswireless
>>vsz>>-
cpe:2.3:h:ruckuswireless:vsz:-:*:*:*:*:*:*:*
ruckuswireless
ruckuswireless
>>zonedirector_1100_firmware>>9.10.2.0.130
cpe:2.3:o:ruckuswireless:zonedirector_1100_firmware:9.10.2.0.130:*:*:*:*:*:*:*
ruckuswireless
ruckuswireless
>>zonedirector_1100>>-
cpe:2.3:h:ruckuswireless:zonedirector_1100:-:*:*:*:*:*:*:*
ruckuswireless
ruckuswireless
>>zonedirector_1200_firmware>>10.2.1.0.218
cpe:2.3:o:ruckuswireless:zonedirector_1200_firmware:10.2.1.0.218:*:*:*:*:*:*:*
ruckuswireless
ruckuswireless
>>zonedirector_1200>>-
cpe:2.3:h:ruckuswireless:zonedirector_1200:-:*:*:*:*:*:*:*
ruckuswireless
ruckuswireless
>>zonedirector_3000_firmware>>10.2.1.0.218
cpe:2.3:o:ruckuswireless:zonedirector_3000_firmware:10.2.1.0.218:*:*:*:*:*:*:*
ruckuswireless
ruckuswireless
>>zonedirector_3000>>-
cpe:2.3:h:ruckuswireless:zonedirector_3000:-:*:*:*:*:*:*:*
ruckuswireless
ruckuswireless
>>zonedirector_5000_firmware>>10.0.1.0.151
cpe:2.3:o:ruckuswireless:zonedirector_5000_firmware:10.0.1.0.151:*:*:*:*:*:*:*
ruckuswireless
ruckuswireless
>>zonedirector_5000>>-
cpe:2.3:h:ruckuswireless:zonedirector_5000:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-284Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-284
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://hdhrmi.blogspot.com/2020/03/multiple-vulnerabilities-in-ruckus.html?m=1cve@mitre.org
N/A
https://support.ruckuswireless.com/security_bulletins/302cve@mitre.org
Patch
Vendor Advisory
https://support.ruckuswireless.com/security_bulletins/302af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
Hyperlink: https://hdhrmi.blogspot.com/2020/03/multiple-vulnerabilities-in-ruckus.html?m=1
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://support.ruckuswireless.com/security_bulletins/302
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: https://support.ruckuswireless.com/security_bulletins/302
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

57Records found
CVE-2017-18380
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.20% / 42.06%
||
7 Day CHG~0.00%
Published-30 Jul, 2019 | 12:30
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name.

Action-Not Available
Vendor-edxn/a
Product-edx-platformn/a
CWE ID-CWE-284
Improper Access Control
CVE-2021-26118
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.01% / 76.17%
||
7 Day CHG~0.00%
Published-27 Jan, 2021 | 18:55
Updated-13 Feb, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Flaw in ActiveMQ Artemis OpenWire support

While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error.

Action-Not Available
Vendor-NetApp, Inc.The Apache Software Foundation
Product-activemq_artemisoncommand_workflow_automationApache ActiveMQ Artemis
CWE ID-CWE-284
Improper Access Control
CVE-2021-24916
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.5||HIGH
EPSS-3.35% / 86.80%
||
7 Day CHG~0.00%
Published-07 Aug, 2023 | 14:31
Updated-15 Oct, 2024 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qubely < 1.8.6 - Unauthenticated Arbitrary E-mail Sending

The Qubely WordPress plugin before 1.8.6 allows unauthenticated user to send arbitrary e-mails to arbitrary addresses via the qubely_send_form_data AJAX action.

Action-Not Available
Vendor-UnknownThemeum
Product-qubelyQubely
CWE ID-CWE-284
Improper Access Control
CVE-2021-24146
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.5||HIGH
EPSS-85.04% / 99.30%
||
7 Day CHG~0.00%
Published-18 Mar, 2021 | 14:57
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export

Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.

Action-Not Available
Vendor-webnusUnknown
Product-modern_events_calendar_liteModern Events Calendar Lite
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-862
Missing Authorization
CVE-2024-50945
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.22% / 78.28%
||
7 Day CHG~0.00%
Published-27 Dec, 2024 | 00:00
Updated-18 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper access control vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f, allowing users to submit reviews without verifying if they have purchased the product.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-284
Improper Access Control
CVE-2024-50653
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 28.55%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 00:00
Updated-13 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CRMEB <=5.4.0 is vulnerable to Incorrect Access Control. Users can bypass the front-end restriction of only being able to claim coupons once by capturing packets and sending a large number of data packets for coupon collection, achieving unlimited coupon collection.

Action-Not Available
Vendor-crmebn/acrmeb
Product-crmebn/acrmeb
CWE ID-CWE-284
Improper Access Control
CVE-2021-28505
Matching Score-4
Assigner-Arista Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Arista Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.20% / 42.58%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 20:05
Updated-16 Sep, 2024 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol.

On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol.

Action-Not Available
Vendor-Arista Networks, Inc.
Product-ccs-720xp-24zy4dcs-7050sx3-96yc8ccs-710p-12ccs-720xp-48y6dcs-7050cx3m-32sccs-722xpm-48zy8dcs-7050tx3-48c8ccs-720xp-24y6ccs-722xpm-48y4ccs-720xp-48zc2dcs-7010tx-48dcs-7050cx3-32sdcs-7050sx3-48yc12dcs-7050sx3-48yc8ccs-710p-16pdcs-7050sx3-48c8eosccs-720xp-96zc2EOS
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
  • Previous
  • 1
  • 2
  • Next
Details not found