Ruckuswireless

Products by Ruckuswireless Sorted by Most Security Vulnerabilities since 2018

Ruckuswireless Smartzone: 1 vulnerability

By the Year

In 2026 there have been 0 vulnerabilities in Ruckuswireless. Last year, in 2025, Ruckuswireless had 10 security vulnerabilities published. Right now, Ruckuswireless is on track to have fewer security vulnerabilities in 2026 than it did last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 10 7.95

It may take a day or so for new Ruckuswireless vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Ruckuswireless Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2025-63735 Nov 25, 2025
Refl. XSS in Ruckus Unleashed 200.13.6.1.319 (guestAccessSubmit.jsp)
A reflected cross-site scripting (XSS) vulnerability in Ruckus Unleashed 200.13.6.1.319 via the name parameter to the captive-portal endpoint selfguestpass/guestAccessSubmit.jsp.
Ruckus Unleashed
CVE-2025-44954 Aug 04, 2025
Ruckus SmartZone <6.1.2p3 Hardcoded SSH Private Key
RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account.
Smartzone
CVE-2025-46123 Jul 21, 2025
Ruckus Unleashed/ZoneDirector Format-String RCE via /admin/_conf.jsp
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where the authenticated configuration endpoint `/admin/_conf.jsp` writes the Wi-Fi guest password to memory with snprintf using the attacker-supplied value as the format string; a crafted password therefore triggers uncontrolled format-string processing and enables remote code execution on the controller.
Ruckus Unleashed
Ruckus Zonedirector
CVE-2025-46122 Jul 21, 2025
Arbitrary CmdExec via /admin/_cmdstat.jsp in Ruckus Unleashed <200.17.7.0.139
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticated diagnostics API endpoint `/admin/_cmdstat.jsp` passes attacker-controlled input to the shell without adequate validation, enabling a remote attacker to specify a target by MAC address and execute arbitrary commands as root.
Ruckus Unleashed
Ruckus Zonedirector
CVE-2025-46121 Jul 21, 2025
CommScope Ruckus Unleashed unsafe format-string (pre-200.15.6.212.14)
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the functions `stamgr_cfg_adpt_addStaFavourite` and `stamgr_cfg_adpt_addStaIot` pass a client hostname directly to snprintf as the format string. A remote attacker can exploit this flaw either by sending a crafted request to the authenticated endpoint `/admin/_conf.jsp`, or without authentication and without direct network access to the controller by spoofing the MAC address of a favourite station and embedding malicious format specifiers in the DHCP hostname field, resulting in unauthenticated format-string processing and arbitrary code execution on the controller.
Ruckus Unleashed
Ruckus Zonedirector
CVE-2025-46120 Jul 21, 2025
CommScope Ruckus Unleashed 200.15.6 & 200.18.7 EJS path-traversal exec
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a remote unauthenticated attacker who can upload a template (e.g., via FTP) to escalate privileges and run arbitrary template code on the controller.
Ruckus Unleashed
Ruckus Zonedirector
CVE-2025-46119 Jul 21, 2025
CommScope Ruckus PW Leak via /admin/_cmdstat.jsp pre-200.15.6/10.5.1.0.282
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where an authenticated request to the management endpoint `/admin/_cmdstat.jsp` discloses the administrator password in a trivially reversible obfuscated form. The same obfuscation method persists in configuration prior to 200.18.7.1.302, allowing anyone who obtains the system configuration to recover the plaintext credentials.
Ruckus Unleashed
Ruckus Zonedirector
CVE-2025-46118 Jul 21, 2025
Ruckus Unleashed/ZoneDirector FTP creds Pre-10.5.1.0.279 allow Upload
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279, where hard-coded credentials for the ftpuser account provide FTP access to the controller, enabling a remote attacker to upload or retrieve arbitrary files from writable firmware directories and thereby expose sensitive information or compromise the controller.
Ruckus Unleashed
Ruckus Zonedirector
CVE-2025-46117 Jul 21, 2025
Root cmd exec in Ruckus Unleashed/ZoneDirector via .ap_debug.sh
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where a hidden debug script `.ap_debug.sh` invoked from the restricted CLI does not properly sanitize its input, allowing an authenticated attacker to execute arbitrary commands as root on the controller or specified target.
Ruckus Unleashed
Ruckus Zonedirector
CVE-2025-46116 Jul 21, 2025
Root Escalation via CLI in CommScope Ruckus Unleashed <200.15.6.212.14
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command `!v54!` via a management API call and then invoke it to escape the restricted shell and obtain a root shell on the controller.
Ruckus Unleashed
Ruckus Zonedirector
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).