Lucene search
K

120 matches found

CNNVD
CNNVD
added 2025/08/04 12:0 a.m.3 views

RUCKUS SmartZone 安全漏洞

RUCKUS SmartZone is a network controller from RUCKUS. A security vulnerability exists in versions prior to RUCKUS SmartZone 6.1.2p3 Refresh Build, which stems from a vulnerability that allows files to be read via... /directory traversal to read files...

5CVSS9.1AI score0.00735EPSS
Exploits0References4
CVE
CVE
added 2025/08/04 12:0 a.m.33 views

CVE-2025-44960

CVE-2025-44960 affects RUCKUS SmartZone (SZ) prior to 6.1.2p3 Refresh Build, allowing OS command injection via a parameter in an API route. Technical details across connected sources confirm an OS command-injection vulnerability in SZ’s API handling, with elevated risk when exploited remotely (ne...

8.8CVSS8.9AI score0.01772EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2025/08/04 12:0 a.m.47 views

CVE-2025-44954

The CVE-2025-44954 issue affects RUCKUS SmartZone (SZ) prior to 6.1.2p3 Refresh Build, where a hardcoded SSH private key for a root-equivalent user enables privilege-level access. PT-Security summarizes multiple vSZ/RND flaws (including hardcoded keys, authentication bypass, and untrusted paramet...

9.8CVSS8.7AI score0.0072EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2025/08/04 12:0 a.m.49 views

CVE-2025-44957

CVE-2025-44957 affects Ruckus SmartZone (SZ) prior to 6.1.2p3 Refresh Build. The issue enables authentication bypass using a valid API key and crafted HTTP headers, potentially granting administrator access. Connected PT security notes corroborate the affected software and specify that the workar...

8.8CVSS8.8AI score0.00891EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2025/08/04 12:0 a.m.29 views

CVE-2025-44961

CVE-2025-44961 affects RUCKUS SmartZone (SZ) prior to 6.1.2p3 Refresh Build. Affected component: OS running within SZ; root cause is an OS command injection via an IP address field supplied by an authenticated user. Impact stated in sources includes OS command execution with high confidentiality/...

9.9CVSS8.9AI score0.02044EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/07/09 12:0 a.m.5 views

PT-2025-28952 · Ruckus +1 · Smartzone +2

Name of the Vulnerable Software and Affected Versions: RUCKUS SmartZone SZ versions prior to 6.1.2p3 Refresh Build Description: RUCKUS SmartZone SZ is susceptible to a directory traversal issue that allows unauthorized access to files. The issue is caused by insufficient validation of user-suppli...

5CVSS8.7AI score0.00735EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/07/09 12:0 a.m.4 views

PT-2025-28950 · Ruckus +1 · Smartzone +2

Name of the Vulnerable Software and Affected Versions: RUCKUS SmartZone SZ versions prior to 6.1.2p3 Refresh Build Description: RUCKUS SmartZone SZ is susceptible to an OS command injection issue through a specific parameter within an API route. Recommendations: Update RUCKUS SmartZone SZ to...

8.8CVSS9.3AI score0.01772EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/07/09 12:0 a.m.7 views

PT-2025-28949 · Ruckus · Network Director

Name of the Vulnerable Software and Affected Versions: RUCKUS Network Director versions prior to 4.5 Description: RUCKUS Network Director RND stores passwords in a recoverable format. Recommendations: Update RUCKUS Network Director to version 4.5 or later...

5.3CVSS8.5AI score0.00351EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/07/09 12:0 a.m.6 views

PT-2025-28948 · Ruckus +1 · Smartzone +2

Name of the Vulnerable Software and Affected Versions: Ruckus SmartZone versions prior to 6.1.2p3 Refresh Build Description: The software allows authentication bypass via a valid API key and crafted HTTP headers. This issue affects enterprise wireless networks. Recommendations: Update to version...

8.8CVSS9.1AI score0.00891EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/07/09 12:0 a.m.4 views

PT-2025-28947 · Ruckus · Network Director

Name of the Vulnerable Software and Affected Versions: RUCKUS Network Director versions prior to 4.5 Description: RUCKUS Network Director allows jailed users to obtain root access via a weak, hardcoded password. Recommendations: Update RUCKUS Network Director to version 4.5 or later...

8.8CVSS8.4AI score0.00453EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/07/09 12:0 a.m.3 views

PT-2025-28951 · Ruckus +1 · Smartzone +2

Name of the Vulnerable Software and Affected Versions: RUCKUS SmartZone SZ versions prior to 6.1.2p3 Refresh Build Description: An OS command injection can occur via an IP address field provided by an authenticated user. Recommendations: Update RUCKUS SmartZone SZ to version 6.1.2p3 Refresh Build...

9.9CVSS9.2AI score0.02044EPSS
Exploits0References10
CERT
CERT
added 2025/07/08 12:0 a.m.47 views

RUCKUS Virtual SmartZone (vSZ) and RUCKUS Network Director (RND) contain multiple vulnerabilities

Overview Multiple vulnerabilities have been identified in RUCKUS Networks management products, specifically Virtual SmartZone vSZ and Network Director RND, including authentication bypass, hardcoded secrets, arbitrary file read by authenticated users, and unauthenticated remote code execution...

9.9CVSS10AI score0.02044EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 9:13 p.m.8 views

CVE-2021-36630

DDOS reflection amplification vulnerability in eAut module of Ruckus Wireless SmartZone controller that allows remote attackers to perform DOS attacks via crafted request...

7.5CVSS7AI score0.02355EPSS
Exploits1
OSV
OSV
added 2023/12/07 7:15 a.m.4 views

CVE-2023-49225

A cross-site-scripting vulnerability exists in Ruckus Access Point products ZoneDirector, SmartZone, and AP Solo. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in the product. As for the affected products/models/versions, see...

6.1CVSS5.8AI score0.00414EPSS
Exploits0References2
CVE
CVE
added 2023/12/07 6:22 a.m.53 views

CVE-2023-49225

CVE-2023-49225 describes a cross-site scripting (XSS) vulnerability in Ruckus Access Point family including ZoneDirector, SmartZone, and AP Solo. An attacker could cause arbitrary script execution in the web browser of a user logging into the product. Affected versions vary by product; vendor gui...

6.1CVSS6.3AI score0.00414EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/06 12:0 a.m.5 views

PT-2023-31119 · Ruckus · Zonedirector +3

Name of the Vulnerable Software and Affected Versions: Ruckus Access Point products ZoneDirector, SmartZone, and AP Solo affected versions not specified Description: A cross-site-scripting issue exists in the products, allowing an arbitrary script to be executed on the user's web browser during...

6.1CVSS6.1AI score0.00414EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/12/01 5:58 a.m.3 views

Ruckus Access Point contains a cross-site scripting vulnerability.

Overview Ruckus Access Point provided by CommScope, Inc. contains a cross-site scripting vulnerability CWE-79. MUNEHIRO SHIRATANI of AGEST,Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...

6.1CVSS6AI score0.00414EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/12/01 12:0 a.m.6 views

CommScope AP Solo, SmartZone, ZoneDirector Cross-Site Scripting Vulnerabilities

CommScope AP Solo is a series of wireless access points from CommScope, Inc. A security vulnerability exists in CommScope AP Solo, SmartZone, and ZoneDirector. An attacker could exploit the vulnerability to execute arbitrary scripts on a user's web browser...

6.1CVSS7.2AI score0.00414EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/12/01 12:0 a.m.38 views

JVN#45891816: Ruckus Access Point vulnerable to cross-site scripting

Ruckus Access Point provided by CommScope, Inc. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is logging in the product. Solution Update the Software Update the software to the latest version according to the...

6.1CVSS6.1AI score0.00414EPSS
Exploits0
Openbugbounty
Openbugbounty
added 2023/08/17 11:58 a.m.18 views

smartzone-it.com Cross Site Scripting vulnerability OBB-3587615

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
Rows per page
Query Builder