Security

The Ruckus Product Security Team is responsible for researching, analyzing and responding to security incident reports related to Ruckus products. This team is the first point of contact for all security incident reports and works directly with Ruckus customers, security researchers, government organizations, consultants, industry security organizations, and other vendors to identify security issues with Ruckus products. This team is also responsible for publishing security advisories and communicating with outside entities regarding mitigation steps for addressing particular security issues with Ruckus products.

Reporting a Security Issue to Ruckus

Ruckus encourages individuals and organizations to report all Ruckus-related product related vulnerabilities and security issues directly to Ruckus via our email alias: commscope-vdp@submit.bugcrowd.com.

A link to the Ruckus Security Incident Response Policy is available here.

Please provide a detailed description of the issue along with sufficient information to reasonably enable Ruckus to reproduce the issue. Please also include a technical contact, list of Ruckus products affected and any other helpful information such as logs and console messages etc.

If you are a currently experiencing a network outage or need help configuring a security feature, please contact Ruckus via any of the contact methods listed on our Contact page.

try NEW advanced search
ID Title Version Release Date Edit Date
20240925 RUCKUS AP Remote Code Execution Vulnerability 1.2 October 04, 2024 October 11, 2024
20231128 CVE-2023-49225: RUCKUS AP Stored Cross-Site Scripting Vulnerability 1.0 November 29, 2023 November 29, 2023
20231016 Cloudpath® Persistent XSS and CSRF Vulnerability 1.1 October 16, 2023 November 28, 2023
20230808 CVE-2023-39904, CVE-2023-39905, CVE-2023-39906: ICX XSS and CSRF Vulnerability 1.2 August 08, 2023 August 14, 2023
20230731 RUCKUS Unleashed Authenticated Remote Command Execution Vulnerability 1.1 July 31, 2023 August 01, 2023
20230404 CVE-2022-47522: Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues 1.0 April 04, 2023 April 05, 2023
20230208 CVE-2023-25717: RUCKUS AP Web Vulnerability (RCE/CSRF) 1.2 February 08, 2023 May 18, 2023
20221114 CVE-2022-3602, CVE-2022-3786: OpenSSL Vulnerabilities 1.2 November 14, 2022 November 18, 2022
20211213 CVE-2021-44228: Apache Log4j Vulnerability 1.3 December 13, 2021 December 17, 2021
20210719 RUCKUS SmartZone Reflective Amplification Attack Vulnerability 1.0 July 19, 2021 July 19, 2021
20210525 Multiple Vulnerabilities in RUCKUS IoT Controller (CVE-2021-33221, CVE- 2021-33220, CVE-2021-33219, CVE-2021-33218, CVE-2021-33217, CVE-2021- 33216, and CVE-2021-33215) 1.0 May 25, 2021 May 25, 2021
20210511 RUCKUS AP Aggregation And Fragmentation Attacks Vulnerability (aka “FragAttacks”) 1.1 May 11, 2021 October 15, 2021
20210409 RUCKUS SmartZone Information Disclosure Vulnerability 1.0 April 09, 2021 April 09, 2021
20210129 AP / ZD CLI Passphrase Vulnerability 1.0 January 29, 2021 January 29, 2021
20210114 Ruckus AP LLDP Vulnerability (CVE-2015-8011, CVE-2015-8012) 1.0 January 14, 2021 January 14, 2021
20210108 RUCKUS AP Arbitrary File Read Vulnerability 1.0 January 08, 2021 January 08, 2021
20201026 Ruckus IoT Controller Remote Command Execution Vulnerability (CVE-2020-26878, CVE-2020-26879) 1.1 October 26, 2020 September 11, 2023
20200615 ZoneDirector and Unleashed Unauthenticated Remote Code Execution and Other Vulnerabilities - CVE-2020-13913, CVE-2020-13914, CVE-2020-13915, CVE-2020-13916, CVE-2020-13917, CVE-2020-13918, CVE-2020-13919 1.0 June 15, 2020 June 15, 2020
20200304 Wi-Fi Protected Network and Wi-Fi Protected Network 2 Info Disclosure Vulnerability - Kr00k 1.0 March 04, 2020 March 04, 2020
20200302 Ruckus AP Image Upgrade Vulnerability 1.0 March 02, 2020 March 02, 2020
20200227 DHCP Buffer Overflow in Logging Capability 1.0 February 27, 2020 February 27, 2020
20200205 IoT Controller remote unauthenticated API execution vulnerability (CVE-2020-8005) 1.0 February 05, 2020 February 05, 2020
20191224 ZoneDirector and Unleashed Unauthenticated Remote Code Execution and Other Vulnerabilities 1.5 December 24, 2019 June 12, 2020
20190815 TCP SACK Panic - Kernel Vulnerability (CVE-2019-11477, CVE-2019-11478, CVE-2019-11479) 1.2 August 15, 2019 January 08, 2020
20190603 Ruckus SmartZone Privilege Escalation Vulnerability (CVE-2019-11630) 1.2 June 03, 2019 August 12, 2019
20190528 Zombieload, RIDL, and Fallout Vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2018-11091) 1.0 May 28, 2019 May 28, 2019
20190412 Dragonblood Vulnerabilities - VU#871675 1.0 April 12, 2019 April 12, 2019
20181205 PortSmash Side-Channel Vulnerability (CVE-2018-5407) 1.0 December 05, 2018 December 05, 2018
20181102 Libssh Vulnerabilities - CVE-2018-10933 1.0 November 02, 2018 November 02, 2018
20180917 Automatic DNS Registration and Proxy Autodiscovery Vulnerabilities (VU#598349) 1.0 September 17, 2018 September 17, 2018

Working...Please wait

This is here to prevent you from accidentally submitting twice.

The page will automatically refresh.

Alert!!

Close