Ruckus
Products
- 20 CVEs
- 12 CVEs
- 10 CVEs
- 9 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-69426 | Ruckus | Critical | 0.65 | — | 0.00 | | Jan 9, 2026 | The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables… |
| CVE-2025-69425 | Ruckus | Critical | 0.65 | — | 0.01 | | Jan 9, 2026 | The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password (TOTP) secret and an embedded static… |
| CVE-2025-67305 | Ruckus | Critical | 0.64 | 9.8 | 0.00 | | Feb 19, 2026 | In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network access to authenticate via SSH without a password. Once authenticated, the… |
| CVE-2025-67304 | Ruckus | Critical | 0.64 | 9.8 | 0.00 | | Feb 19, 2026 | In Ruckus Network Director (RND) < 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded… |
| CVE-2018-11036 | Ruckus | Critical | 0.59 | 9.1 | 0.01 | | May 31, 2018 | Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, 3.5.1, 3.6.0, and 3.6.1 (Essentials and High Scale) on vSZ, SZ-100, SZ-300, and SCG-200 devices allows remote attackers to obtain sensitive information or modify data. |
| CVE-2016-1000216 | Ruckus | High | 0.58 | 8.8 | 0.07 | | Oct 10, 2016 | Ruckus Wireless H500 web management interface authenticated command injection |
| CVE-2017-6230 | Ruckus | High | 0.57 | 8.8 | 0.02 | | Feb 14, 2018 | Ruckus Networks Solo APs firmware releases R110.x or before and Ruckus Networks SZ managed APs firmware releases R5.x or before contain authenticated Root Command Injection in the web-GUI that could allow authenticated valid users to execute privileged commands on the respective… |
| CVE-2017-6229 | Ruckus | High | 0.57 | 8.8 | 0.02 | | Feb 14, 2018 | Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and Ruckus Networks Zone Director firmware releases 10.1.0.0.x, 9.10.2.0.x, 9.12.3.0.x, 9.13.3.0.x, 10.0.1.0.x or before contain authenticated Root Command Injection in the CLI that could allow authenticated… |
| CVE-2017-6224 | Ruckus | High | 0.57 | 8.8 | 0.01 | | Oct 13, 2017 | Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x (less than 10.0.1.0.17 MR1 release) and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x. contain OS Command Injection vulnerabilities that could… |
| CVE-2017-6223 | Ruckus | High | 0.57 | 8.8 | 0.02 | | Oct 13, 2017 | Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the… |
| CVE-2016-1000213 | Ruckus | High | 0.57 | 8.8 | 0.00 | | Oct 25, 2016 | Ruckus Wireless H500 web management interface CSRF |
| CVE-2016-1000215 | Ruckus | High | 0.49 | 7.5 | 0.01 | | Oct 25, 2016 | Ruckus Wireless H500 web management interface denial of service |
| CVE-2018-11027 | Ruckus | Medium | 0.40 | 6.1 | 0.01 | | May 29, 2018 | A reflected XSS vulnerability on Ruckus ICX7450-48 devices allows remote attackers to inject arbitrary web script or HTML. |
| CVE-2016-1000214 | Ruckus | Medium | 0.35 | 5.3 | 0.01 | | Oct 25, 2016 | Ruckus Wireless H500 web management interface authentication bypass |
| CVE-2023-25717 | Ruckus | | 0.20 | — | 0.95 | KEV | Feb 13, 2023 | Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring. |
| CVE-2020-26879 | Ruckus | | 0.07 | — | 0.42 | | Oct 26, 2020 | Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header. |
| CVE-2013-5030 | Ruckus | | 0.03 | — | 0.02 | | Oct 16, 2013 | Ruckus Wireless Zoneflex 2942 devices with firmware 9.6.0.0.267 allow remote attackers to bypass authentication, and subsequently access certain configuration/ and maintenance/ scripts, by constructing a crafted URI after receiving an authentication error for an arbitrary login… |
| CVE-2019-19838 | Ruckus | | 0.02 | — | 0.24 | | Jan 23, 2020 | emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute. |
| CVE-2019-19840 | Ruckus | | 0.02 | — | 0.04 | | Jan 22, 2020 | A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruckus Unleashed through 200.7.10.102.64 allows remote code execution via an unauthenticated HTTP request. |
| CVE-2019-19842 | Ruckus | | 0.01 | — | 0.05 | | Jan 22, 2020 | emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/_cmdstat.jsp via the mac attribute. |