Skip to main content

Ruckus Smartzone Firmware

5 CVEs product

Monthly

CVE-2025-44962 MEDIUM This Month

RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ruckus Network Director Ruckus Smartzone Firmware
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-44961 CRITICAL This Week

In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ruckus Network Director Ruckus Smartzone Firmware
NVD
CVSS 3.1
9.9
EPSS
0.2%
CVE-2025-44960 HIGH This Month

RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Ruckus Network Director Ruckus Smartzone Firmware
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-44957 HIGH This Month

Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Ruckus Network Director Ruckus Smartzone Firmware
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-44954 CRITICAL This Week

RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ruckus Smartzone Firmware
NVD
CVSS 3.1
9.0
EPSS
0.1%
EPSS 0% CVSS 5.0
MEDIUM This Month

RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ruckus Network Director Ruckus Smartzone Firmware
NVD
EPSS 0% CVSS 9.9
CRITICAL This Week

In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ruckus Network Director Ruckus Smartzone Firmware
NVD
EPSS 0% CVSS 8.5
HIGH This Month

RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Ruckus Network Director Ruckus Smartzone Firmware
NVD
EPSS 0% CVSS 8.5
HIGH This Month

Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Ruckus Network Director Ruckus Smartzone Firmware
NVD
EPSS 0% CVSS 9.0
CRITICAL This Week

RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ruckus Smartzone Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy