Security

The Ruckus Product Security Team is responsible for researching, analyzing and responding to security incident reports related to Ruckus products. This team is the first point of contact for all security incident reports and works directly with Ruckus customers, security researchers, government organizations, consultants, industry security organizations, and other vendors to identify security issues with Ruckus products. This team is also responsible for publishing security advisories and communicating with outside entities regarding mitigation steps for addressing particular security issues with Ruckus products.

Reporting a Security Issue to Ruckus

Ruckus encourages individuals and organizations to report all Ruckus-related product related vulnerabilities and security issues directly to Ruckus via our email alias: commscope-vdp@submit.bugcrowd.com.

A link to the Ruckus Security Incident Response Policy is available here.

Please provide a detailed description of the issue along with sufficient information to reasonably enable Ruckus to reproduce the issue. Please also include a technical contact, list of Ruckus products affected and any other helpful information such as logs and console messages etc.

If you are a currently experiencing a network outage or need help configuring a security feature, please contact Ruckus via any of the contact methods listed on our Contact page.

try NEW advanced search
ID Title Version Release Date Edit Date
031813-2 User authentication bypass vulnerability in ZoneDirector administrative web interface 1 March 25, 2013 March 25, 2013
031813-1 Unauthenticated TCP tunneling on Ruckus devices via SSH server process 1 March 25, 2013 March 25, 2013
111113-2 Authenticated persistent cross site scripting vulnerability in guest pass provisioning web interface on ZoneDirector controllers 1 September 09, 2013 September 09, 2013
111113-1 Authenticated code injection vulnerability in ZoneDirector administrative web interface 1 September 09, 2013 September 09, 2013
10282013 User authentication bypass vulnerability in Ruckus Access Point’s administrative web interface 1 October 28, 2013 October 28, 2013
041414 OpenSSL 1.0.1 library’s “Heart bleed” vulnerability — CVE-2014-0160 1 April 14, 2014 April 14, 2014
070714 OpenSSL 0.9.8, 1.0.0 & 1.0.1 library's vulnerability - CVE-2014-0224 1 July 07, 2014 July 07, 2014
092914 GNU Bash vulnerability - CVE-2014-6271 and CVE-2014-7169 2 September 29, 2014 October 08, 2014
111414 POODLE SSLv3 vulnerability - CVE-2014-3566 1 November 14, 2014 November 14, 2014
123114 Network Time Protocol (NTP) vulnerability - CVE-2014-9295 1 December 31, 2014 December 31, 2014
020215 glibc library vulnerability (commonly referred as ‘Ghost’) - CVE-2015-0235 1 February 02, 2015 February 02, 2015
BSA-2015-001 GNU C Library “GHOST” Vulnerability (CVE-2015-0235) Assessment for Brocade February 13, 2015 May 11, 2016
BSA-2014-002 CVE-2014-3566 - OpenSSL March 10, 2015 April 07, 2017
BSA-2015-002 CVE-2014-9296 - NTP March 19, 2015 May 11, 2016
BSA-2015-003 CVE-2014-3569 - OpenSSL CVE-2014-3570 - OpenSSL CVE-2014-3571 - OpenSSL CVE-2014-3572 - OpenSSL CVE-2014-8275 - OpenSSL CVE-2015-0204 - OpenSSL CVE-2015-0205 - OpenSSL CVE-2015-0206 - OpenSSL April 24, 2015 March 23, 2017
070815 Logjam vulnerability against Diffie-Hellman Key Exchange with TLS Protocol - CVE-2015-0291 1 July 08, 2015 July 08, 2015
071715 Packet Injection Vulnerability on 802.11n MAC Frame Aggregation 1 July 17, 2015 July 17, 2015
072115 X509_verify_cert function vulnerability in OpenSSL - CVE-2015-1793 1 July 21, 2015 July 21, 2015
081215 SSH Login Vulnerability - CVE-2012-1493 1 August 12, 2015 August 12, 2015
090315 Vulnerabilities in OpenSSH Distributions - CVE-2015-5600, CVE-2015-6563, CVE-2015-6564 1 September 03, 2015 September 03, 2015
123015 Vulnerabilities in OpenSSL Distributions - CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196 1 December 30, 2015 December 30, 2015
022916 Vulnerabilities in Linux GNU C (libc) Distributions - CVE-2015-7547 1 February 29, 2016 February 29, 2016
051616 Vulnerabilities in OpenSSL and Related Updates - CVE-2016-0800, CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, CVE-2016-0703, CVE-2016-0704 1 May 16, 2016 May 16, 2016
071216 Vulnerabilities in OpenSSL and Related Updates - CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176 1 July 12, 2016 July 12, 2016
080216 Vulnerabilities in WebGUI Interface on Ruckus Unmanaged-APs 1 August 02, 2016 August 02, 2016
081516 Linux TCP Flaw - CVE-2016-5696 1 August 15, 2016 August 15, 2016
111116 Linux Kernel Local Privilege Escalation "Dirty Cow" - CVE-2016-5195 1 November 11, 2016 November 11, 2016
022717 Vulnerabilities in OpenSSL – CVE-2017-3730, CVE-2017-3731, CVE-2017- 3732, CVE-2016-6304, CVE-2016-6305 1 February 27, 2017 February 27, 2017
030117 Vulnerabilities in Dropbear SSH – CVE-2016-7406, CVE-2016-7407, CVE- 2016-2408, CVE-2016-2409 1 March 01, 2017 March 01, 2017
BSA-2017-220 CVE-2016-7427 March 31, 2017 March 31, 2017

Working...Please wait

This is here to prevent you from accidentally submitting twice.

The page will automatically refresh.

Alert!!

Close