RCE/CSRF - RUCKUS Technical Support Response Center

This page is the primary resource for RUCKUS Networks, CommScope customers and partners to address the RUCKUS AP Web Vulnerability (RCE/CSRF). It acts as a central home for support links and content that provide more information about the vulnerability, along with other technical resources to assist you with your response.

Security Bulletin, FAQs, and Knowledge Base

  • Security Bulletin CVE-2023-25717: RUCKUS AP Web Vulnerability (RCE/CSRF)
  • RCE/CSRF Vulnerability FAQs
    • Q: What if I don’t have an active Support contract with RUCKUS – will I be able to upgrade my software?
      A: Yes. You will be able to obtain the patches that are available for your platform even if you don’t have a current support contract. At this time, a limited-time manual support entitlement (1 day validity) will be provided if your controller meets the eligibility criteria for the upgrade.
    • Q: What are the eligibility criteria to get the one-time support exception?
      A: Your controller (not the Access Point version) should be on a version which is impacted. The Access Point model(s) to which you want to apply the fix should be supported by the recommended firmware version.
    • Q: If I face any issues with my controller or Access Points after the upgrade (other than the controller/AP firmware upgrade itself), am I eligible to get support?
      A: No. The limited-time support entitlement is valid only for upgrade assistance; no additional issues can be reported under it. We strongly recommend that you purchase the support entitlement for your devices to get all the support benefits.

RCE/CSRF Technical Resources

RUCKUS Resources

Industry Technical Response and Communications

RCE/CSRF Security Patch Release Schedules - last updated 18 May 2023


| Platform / Product | Vulnerable? | Vulnerable Release | Software Resolution |
|---|---|---|---|
| SmartZone and Virtual SmartZone | Yes | 5.2.x and earlier versions | Upgrade to 5.2.2MR2 or later release |
| RUCKUS SmartZone (FIPS) and Virtual SmartZone (FIPS) | Yes | 5.1.2.3 and older | 5.2.1.3 and later versions |
| ZoneDirector | Yes | 10.4.0 and earlier | Upgrade to 10.4.1.257 (GA Refresh 4) or later |
| Access Points - Indoor and Outdoor | Yes | 114.0.0.0.5562 and earlier | Upgrade to 114.0.0.0.6565 or later |
| Cloudpath | No | Not Applicable | Not Applicable |
| RUCKUS Network Director (RND) | No | Not Applicable | Not Applicable |
| Unleashed and Unleashed Multi-Site Manager (UMM) | No | Not Vulnerable | Not Applicable |
| SPoT/vSPoT | No | Not Applicable | Not Applicable |
| SmartZone Data Plane and Virtual SmartZone Data Plane | No | Not Applicable | Not Applicable |
| RUCKUS Analytics | No | Not Applicable | Not Applicable |
| Mobile Apps | No | Not Applicable | Not Applicable |
| RUCKUS LTE (CBRS) | No | Not Vulnerable | Not Applicable |
| ICX Switches | No | Not Applicable | Not Applicable |
| FlexMaster | No | Not Applicable | Not Applicable |
| IoT | No | Not Applicable | Not Applicable |
| RUCKUS Cloud | No | Not Applicable | Not Applicable |
| SCI | No | Not Applicable | Not Applicable |

RUCKUS Engineering and TAC have continued to support security fixes for the 802.11ac Wave 1 and 802.11n Access Points on a best-effort basis for models which are now past their End of Maintenance (EOM) dates and End of Support dates.

We are several years past the EOM dates for the 802.11n access points, and nearly all 802.11n access points have reached or will reach their End of Support date (four years after EOM date)* on or before 31 December 2021. At this time, there is no fix planned for EOL devices. We advise customers to use the workaround as it is equally effective.

Due to the increasing age of both the 802.11ac Wave 1 APs and the 802.11n APs, RUCKUS recommends upgrading to newer Access Points. Replacement APs are detailed at https://www.ruckusnetworks.com/products/wireless-access-points

* Most models reached their EOM dates between 2014 and 2018, with the latest EOM date as 30 April 2020 for the 7781-CM. More than half of the 11n APs have also reached End of Support dates by 31 January 2021 or earlier (2942, 7962, 7341, 7343, 7351, 7363, 7025, 7441, 7762-AC, 7762-S, 7762-T, 7761-CM, 7321), with most of the remaining AP models reaching End of Support on 31 December 2021 (7731, 7782, 7782-N, 7782-S, 7782-E, 7982, 7372, 7352, 7055), except the R300 (End of Support on 1 November 2022) and the 7781-CM (End of Support on 30 April 2024).

CommScope RUCKUS End of Life policy and milestone date documentation is available at https://support.ruckuswireless.com/product_families/4-eol-ruckus-products
