Improper Verification of Cryptographic Signature in CommScope products - CVE-2020-22653
Published: July 9, 2026
Vulnerability identifier: #VU137222
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2020-22653
CWE-ID: CWE-347
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vendor: CommScope
Affected software:
Ruckus R310
Ruckus R500
Ruckus R600
Ruckus T300
Ruckus T301n
Ruckus T301s
SmartZone 300 (SZ300)
ZoneDirector 1100
ZoneDirector 1200
ZoneDirector 3000
ZoneDirector 5000
SmartCell Gateway 200 (SCG200)
SmartZone 100 (SZ-100)
Virtual SmartZone (vSZ)
Ruckus R310
Ruckus R500
Ruckus R600
Ruckus T300
Ruckus T301n
Ruckus T301s
SmartZone 300 (SZ300)
ZoneDirector 1100
ZoneDirector 1200
ZoneDirector 3000
ZoneDirector 5000
SmartCell Gateway 200 (SCG200)
SmartZone 100 (SZ-100)
Virtual SmartZone (vSZ)
Detailed vulnerability description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to improper verification of cryptographic signature. A remote attacker can exploit the official image signature to force injection unauthorized image signature.
How to mitigate CVE-2020-22653
Install updates from vendor's website.