Ruckus

All CVEs

65 total · sorted by risk
  • CVE-2025-69426 · Critical · Jan 9, 2026
    risk 0.65 · cvss · epss 0.00

    The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables…

  • CVE-2025-69425 · Critical · Jan 9, 2026
    risk 0.65 · cvss · epss 0.01

    The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password (TOTP) secret and an embedded static…

  • CVE-2025-67305 · Critical · Feb 19, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network access to authenticate via SSH without a password. Once authenticated, the…

  • CVE-2025-67304 · Critical · Feb 19, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    In Ruckus Network Director (RND) < 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded…

  • CVE-2018-11036 · Critical · May 31, 2018
    risk 0.59 · cvss 9.1 · epss 0.01

    Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, 3.5.1, 3.6.0, and 3.6.1 (Essentials and High Scale) on vSZ, SZ-100, SZ-300, and SCG-200 devices allows remote attackers to obtain sensitive information or modify data.

  • CVE-2016-1000216 · High · Oct 10, 2016
    risk 0.58 · cvss 8.8 · epss 0.07

    Ruckus Wireless H500 web management interface authenticated command injection

  • CVE-2017-6230 · High · Feb 14, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    Ruckus Networks Solo APs firmware releases R110.x or before and Ruckus Networks SZ managed APs firmware releases R5.x or before contain authenticated Root Command Injection in the web-GUI that could allow authenticated valid users to execute privileged commands on the respective…

  • CVE-2017-6229 · High · Feb 14, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and Ruckus Networks Zone Director firmware releases 10.1.0.0.x, 9.10.2.0.x, 9.12.3.0.x, 9.13.3.0.x, 10.0.1.0.x or before contain authenticated Root Command Injection in the CLI that could allow authenticated…

  • CVE-2017-6224 · High · Oct 13, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x (less than 10.0.1.0.17 MR1 release) and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x contain OS Command Injection vulnerabilities that could…

  • CVE-2017-6223 · High · Oct 13, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the…

  • CVE-2016-1000213 · High · Oct 25, 2016
    risk 0.57 · cvss 8.8 · epss 0.00

    Ruckus Wireless H500 web management interface CSRF

  • CVE-2016-1000215 · High · Oct 25, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    Ruckus Wireless H500 web management interface denial of service

  • CVE-2018-11027 · Medium · May 29, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    A reflected XSS vulnerability on Ruckus ICX7450-48 devices allows remote attackers to inject arbitrary web script or HTML.

  • CVE-2016-1000214 · Medium · Oct 25, 2016
    risk 0.35 · cvss 5.3 · epss 0.01

    Ruckus Wireless H500 web management interface authentication bypass

  • CVE-2023-25717 · KEV · Feb 13, 2023
    risk 0.20 · cvss · epss 0.95

    Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.

  • CVE-2020-26879 · Oct 26, 2020
    risk 0.07 · cvss · epss 0.42

    Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header.

  • CVE-2013-5030 · Oct 16, 2013
    risk 0.03 · cvss · epss 0.02

    Ruckus Wireless Zoneflex 2942 devices with firmware 9.6.0.0.267 allow remote attackers to bypass authentication, and subsequently access certain configuration/ and maintenance/ scripts, by constructing a crafted URI after receiving an authentication error for an arbitrary login…

  • CVE-2019-19838 · Jan 23, 2020
    risk 0.02 · cvss · epss 0.24

    emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute.

  • CVE-2019-19840 · Jan 22, 2020
    risk 0.02 · cvss · epss 0.04

    A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruckus Unleashed through 200.7.10.102.64 allows remote code execution via an unauthenticated HTTP request.

  • CVE-2019-19842 · Jan 22, 2020
    risk 0.01 · cvss · epss 0.05

    emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/_cmdstat.jsp via the mac attribute.

  • CVE-2021-4474 · Mar 26, 2026
    risk 0.00 · cvss · epss 0.00

    Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line interface that allows authenticated remote attackers with administrative privileges to read arbitrary files from the underlying filesystem. Attackers can exploit this vulnerability to…

  • CVE-2023-7338 · Mar 26, 2026
    risk 0.00 · cvss · epss 0.01

    Ruckus Unleashed contains a remote code execution vulnerability in the web-based management interface that allows authenticated remote attackers to execute arbitrary code on the system when gateway mode is enabled. Attackers can exploit this vulnerability by sending specially…

  • CVE-2025-63735 · Nov 25, 2025
    risk 0.00 · cvss · epss 0.00

    A reflected cross-site scripting (XSS) vulnerability in Ruckus Unleashed 200.13.6.1.319 via the name parameter to the captive-portal endpoint selfguestpass/guestAccessSubmit.jsp.

  • CVE-2025-44957 · Aug 4, 2025
    risk 0.00 · cvss · epss 0.01

    Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers.

  • CVE-2025-44962 · Aug 4, 2025
    risk 0.00 · cvss · epss 0.01

    RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files.

  • CVE-2025-44963 · Aug 4, 2025
    risk 0.00 · cvss · epss 0.01

    RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key.

  • CVE-2025-44955 · Aug 4, 2025
    risk 0.00 · cvss · epss 0.00

    RUCKUS Network Director (RND) before 4.5 allows jailed users to obtain root access via a weak, hardcoded password.

  • CVE-2025-44958 · Aug 4, 2025
    risk 0.00 · cvss · epss 0.00

    RUCKUS Network Director (RND) before 4.5 stores passwords in a recoverable format.

  • CVE-2025-44954 · Aug 4, 2025
    risk 0.00 · cvss · epss 0.01

    RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account.

  • CVE-2025-44960 · Aug 4, 2025
    risk 0.00 · cvss · epss 0.02

    RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route.

  • CVE-2025-44961 · Aug 4, 2025
    risk 0.00 · cvss · epss 0.02

    In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user.

  • CVE-2025-46118 · Jul 21, 2025
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279, where hard-coded credentials for the ftpuser account provide FTP access to the controller, enabling a remote attacker to upload or…

  • CVE-2023-49225 · Dec 7, 2023
    risk 0.00 · cvss · epss 0.00

    A cross-site scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product. As for the affected…

  • CVE-2023-45992 · Oct 19, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack,…

  • CVE-2023-33778 · Jun 1, 2023
    risk 0.00 · cvss · epss 0.01

    Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected…

  • CVE-2023-22748 · Feb 28, 2023
    risk 0.00 · cvss · epss 0.02

    There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these…

  • CVE-2020-22657 · Jan 20, 2023
    risk 0.00 · cvss · epss 0.01

    In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300)…

  • CVE-2020-22653 · Jan 20, 2023
    risk 0.00 · cvss · epss 0.00

    In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300)…

  • CVE-2020-22656 · Jan 20, 2023
    risk 0.00 · cvss · epss 0.00

    In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300)…

  • CVE-2020-22658 · Jan 20, 2023
    risk 0.00 · cvss · epss 0.00

    In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300)…

  • CVE-2020-22654 · Jan 20, 2023
    risk 0.00 · cvss · epss 0.00

    In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300)…

  • CVE-2020-22655 · Jan 20, 2023
    risk 0.00 · cvss · epss 0.00

    In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300)…

  • CVE-2020-22659 · Jan 20, 2023
    risk 0.00 · cvss · epss 0.00

    In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300)…

  • CVE-2020-22661 · Jan 20, 2023
    risk 0.00 · cvss · epss 0.01

    In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300)…

  • CVE-2020-22662 · Jan 20, 2023
    risk 0.00 · cvss · epss 0.01

    In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300)…

  • CVE-2020-22660 · Jan 20, 2023
    risk 0.00 · cvss · epss 0.01

    In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300)…

  • CVE-2020-21161 · Jun 27, 2022
    risk 0.00 · cvss · epss 0.01

    Cross Site Scripting (XSS) vulnerability in Ruckus Wireless ZoneDirector 9.8.3.0.

  • CVE-2020-13919 · Jul 28, 2020
    risk 0.00 · cvss · epss 0.03

    emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to achieve command injection via a crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510, R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d,…

  • CVE-2020-13918 · Jul 28, 2020
    risk 0.00 · cvss · epss 0.02

    Incorrect access control in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to leak system information (that can be used for a jailbreak) via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500,…

  • CVE-2020-13917 · Jul 28, 2020
    risk 0.00 · cvss · epss 0.02

    rkscli in Ruckus Wireless Unleashed through 200.7.10.92 allows a remote attacker to achieve command injection and jailbreak the CLI via a crafted CLI command. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510, R600, R610, R710, R720, R750, T300, T301n, T301s,…
