120 matches found
RUCKUS SmartZone 安全漏洞
RUCKUS SmartZone is a network controller from RUCKUS. A security vulnerability exists in versions prior to RUCKUS SmartZone 6.1.2p3 Refresh Build, which stems from a vulnerability that allows files to be read via... /directory traversal to read files...
CVE-2025-44960
CVE-2025-44960 affects RUCKUS SmartZone (SZ) prior to 6.1.2p3 Refresh Build, allowing OS command injection via a parameter in an API route. Technical details across connected sources confirm an OS command-injection vulnerability in SZ’s API handling, with elevated risk when exploited remotely (ne...
CVE-2025-44954
The CVE-2025-44954 issue affects RUCKUS SmartZone (SZ) prior to 6.1.2p3 Refresh Build, where a hardcoded SSH private key for a root-equivalent user enables privilege-level access. PT-Security summarizes multiple vSZ/RND flaws (including hardcoded keys, authentication bypass, and untrusted paramet...
CVE-2025-44957
CVE-2025-44957 affects Ruckus SmartZone (SZ) prior to 6.1.2p3 Refresh Build. The issue enables authentication bypass using a valid API key and crafted HTTP headers, potentially granting administrator access. Connected PT security notes corroborate the affected software and specify that the workar...
CVE-2025-44961
CVE-2025-44961 affects RUCKUS SmartZone (SZ) prior to 6.1.2p3 Refresh Build. Affected component: OS running within SZ; root cause is an OS command injection via an IP address field supplied by an authenticated user. Impact stated in sources includes OS command execution with high confidentiality/...
PT-2025-28952 · Ruckus +1 · Smartzone +2
Name of the Vulnerable Software and Affected Versions: RUCKUS SmartZone SZ versions prior to 6.1.2p3 Refresh Build Description: RUCKUS SmartZone SZ is susceptible to a directory traversal issue that allows unauthorized access to files. The issue is caused by insufficient validation of user-suppli...
PT-2025-28950 · Ruckus +1 · Smartzone +2
Name of the Vulnerable Software and Affected Versions: RUCKUS SmartZone SZ versions prior to 6.1.2p3 Refresh Build Description: RUCKUS SmartZone SZ is susceptible to an OS command injection issue through a specific parameter within an API route. Recommendations: Update RUCKUS SmartZone SZ to...
PT-2025-28949 · Ruckus · Network Director
Name of the Vulnerable Software and Affected Versions: RUCKUS Network Director versions prior to 4.5 Description: RUCKUS Network Director RND stores passwords in a recoverable format. Recommendations: Update RUCKUS Network Director to version 4.5 or later...
PT-2025-28948 · Ruckus +1 · Smartzone +2
Name of the Vulnerable Software and Affected Versions: Ruckus SmartZone versions prior to 6.1.2p3 Refresh Build Description: The software allows authentication bypass via a valid API key and crafted HTTP headers. This issue affects enterprise wireless networks. Recommendations: Update to version...
PT-2025-28947 · Ruckus · Network Director
Name of the Vulnerable Software and Affected Versions: RUCKUS Network Director versions prior to 4.5 Description: RUCKUS Network Director allows jailed users to obtain root access via a weak, hardcoded password. Recommendations: Update RUCKUS Network Director to version 4.5 or later...
PT-2025-28951 · Ruckus +1 · Smartzone +2
Name of the Vulnerable Software and Affected Versions: RUCKUS SmartZone SZ versions prior to 6.1.2p3 Refresh Build Description: An OS command injection can occur via an IP address field provided by an authenticated user. Recommendations: Update RUCKUS SmartZone SZ to version 6.1.2p3 Refresh Build...
RUCKUS Virtual SmartZone (vSZ) and RUCKUS Network Director (RND) contain multiple vulnerabilities
Overview Multiple vulnerabilities have been identified in RUCKUS Networks management products, specifically Virtual SmartZone vSZ and Network Director RND, including authentication bypass, hardcoded secrets, arbitrary file read by authenticated users, and unauthenticated remote code execution...
CVE-2021-36630
DDOS reflection amplification vulnerability in eAut module of Ruckus Wireless SmartZone controller that allows remote attackers to perform DOS attacks via crafted request...
CVE-2023-49225
A cross-site-scripting vulnerability exists in Ruckus Access Point products ZoneDirector, SmartZone, and AP Solo. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in the product. As for the affected products/models/versions, see...
CVE-2023-49225
CVE-2023-49225 describes a cross-site scripting (XSS) vulnerability in Ruckus Access Point family including ZoneDirector, SmartZone, and AP Solo. An attacker could cause arbitrary script execution in the web browser of a user logging into the product. Affected versions vary by product; vendor gui...
PT-2023-31119 · Ruckus · Zonedirector +3
Name of the Vulnerable Software and Affected Versions: Ruckus Access Point products ZoneDirector, SmartZone, and AP Solo affected versions not specified Description: A cross-site-scripting issue exists in the products, allowing an arbitrary script to be executed on the user's web browser during...
Ruckus Access Point contains a cross-site scripting vulnerability.
Overview Ruckus Access Point provided by CommScope, Inc. contains a cross-site scripting vulnerability CWE-79. MUNEHIRO SHIRATANI of AGEST,Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...
CommScope AP Solo, SmartZone, ZoneDirector Cross-Site Scripting Vulnerabilities
CommScope AP Solo is a series of wireless access points from CommScope, Inc. A security vulnerability exists in CommScope AP Solo, SmartZone, and ZoneDirector. An attacker could exploit the vulnerability to execute arbitrary scripts on a user's web browser...
JVN#45891816: Ruckus Access Point vulnerable to cross-site scripting
Ruckus Access Point provided by CommScope, Inc. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is logging in the product. Solution Update the Software Update the software to the latest version according to the...
smartzone-it.com Cross Site Scripting vulnerability OBB-3587615
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...