Download of code without integrity check in CommScope products - CVE-2020-22658
Published: July 9, 2026
Vulnerability identifier: #VU137223
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2020-22658
CWE-ID: CWE-494
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vendor: CommScope
Affected software:
Ruckus R310
Ruckus R500
Ruckus R600
Ruckus T300
Ruckus T301n
Ruckus T301s
SmartZone 300 (SZ300)
ZoneDirector 1100
ZoneDirector 1200
ZoneDirector 3000
ZoneDirector 5000
SmartCell Gateway 200 (SCG200)
SmartZone 100 (SZ-100)
Virtual SmartZone (vSZ)
Ruckus R310
Ruckus R500
Ruckus R600
Ruckus T300
Ruckus T301n
Ruckus T301s
SmartZone 300 (SZ300)
ZoneDirector 1100
ZoneDirector 1200
ZoneDirector 3000
ZoneDirector 5000
SmartCell Gateway 200 (SCG200)
SmartZone 100 (SZ-100)
Virtual SmartZone (vSZ)
Detailed vulnerability description
The vulnerability allows a remote attacker to compromise the affected system
The vulnerability exists due to software does not perform software integrity check when downloading updates. A remote attacker can switch completely to unauthorized image to be Boot as primary verified image.
How to mitigate CVE-2020-22658
Install updates from vendor's website.