Security
The RUCKUS Product Security Team is responsible for researching, analyzing and responding to security incident reports related to RUCKUS products. This team is the first point of contact for all security incident reports and works directly with RUCKUS customers, security researchers, government organizations, consultants, industry security organizations, and other vendors to identify security issues with RUCKUS products. This team is also responsible for publishing security advisories and communicating with outside entities regarding mitigation steps for addressing particular security issues with Ruckus products.
Reporting a Security Issue to Ruckus
RUCKUS encourages individuals and organizations to report all RUCKUS-related product related vulnerabilities and security issues using the form below.
Please see the RUCKUS Security Incident Response Policy for additional information.
Please provide a detailed description of the issue along with sufficient information to reasonably enable RUCKUS to reproduce the issue. Please also include a technical contact, list of RUCKUS products affected and any other helpful information such as logs and console messages etc.
If you are a currently experiencing a network outage or need help configuring a security feature, please contact RUCKUS via any of the contact methods listed on our Contact page.
| ID | Title | Version | Release Date | Edit Date |
|---|---|---|---|---|
| 20180816 | Dictionary attacks on WiFi Protected Access (WPA & WPA2) Protocols | 1.0 | August 16, 2018 | August 16, 2018 |
| 20190412 | Dragonblood Vulnerabilities - VU#871675 | 1.0 | April 12, 2019 | April 12, 2019 |
| 020215 | glibc library vulnerability (commonly referred as ‘Ghost’) - CVE-2015-0235 | 1 | February 02, 2015 | February 02, 2015 |
| 092914 | GNU Bash vulnerability - CVE-2014-6271 and CVE-2014-7169 | 2 | September 29, 2014 | October 08, 2014 |
| BSA-2015-001 | GNU C Library “GHOST” Vulnerability (CVE-2015-0235) Assessment for Brocade | February 13, 2015 | May 11, 2016 | |
| 20180116 | Intel Management Engine impersonation security vulnerabilities (CVE-2017-5711, CVE-2017-5712) | 1.0 | January 16, 2018 | January 16, 2018 |
| 20180906 | Intel Speculative Execution Vulnerabilities (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646) | 1.0 | September 06, 2018 | September 06, 2018 |
| 20200205 | IoT Controller remote unauthenticated API execution vulnerability (CVE-2020-8005) | 1.0 | February 05, 2020 | February 05, 2020 |
| 20180203 | Java JMX and RMI security vulnerabilities (CVE-2017-15708, CVE-2016-8735) | 1 | February 13, 2018 | February 13, 2018 |
| 20181102 | Libssh Vulnerabilities - CVE-2018-10933 | 1.0 | November 02, 2018 | November 02, 2018 |
| 111116 | Linux Kernel Local Privilege Escalation "Dirty Cow" - CVE-2016-5195 | 1 | November 11, 2016 | November 11, 2016 |
| 20180815 | Linux Kernel TCP Reassembly Algorithm Remote DOS Vulnerability (CVE-2018-5390) | 1.3 | August 15, 2018 | January 16, 2019 |
| 081516 | Linux TCP Flaw - CVE-2016-5696 | 1 | August 15, 2016 | August 15, 2016 |
| 070815 | Logjam vulnerability against Diffie-Hellman Key Exchange with TLS Protocol - CVE-2015-0291 | 1 | July 08, 2015 | July 08, 2015 |
| 101617 | Multiple Vulnerabilities discovered in 4-way handshake of WPA2 protocols - (KRACK: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) | 1.12 | October 16, 2017 | December 21, 2017 |
| 101717 | Multiple Vulnerabilities discovered in RSA key generation within Infineon TPM | 1 | October 17, 2017 | October 17, 2017 |
| 112717 | Multiple Vulnerabilities in DNSMASQ (CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496, CVE-2017-13704, CVE-2015-3294) | 1 | November 27, 2017 | November 27, 2017 |
| 20210525 | Multiple Vulnerabilities in RUCKUS IoT Controller (CVE-2021-33221, CVE- 2021-33220, CVE-2021-33219, CVE-2021-33218, CVE-2021-33217, CVE-2021- 33216, and CVE-2021-33215) | 1.0 | May 25, 2021 | May 25, 2021 |
| BSA-2017-236 | N/A | April 28, 2017 | April 28, 2017 | |
| 123114 | Network Time Protocol (NTP) vulnerability - CVE-2014-9295 | 1 | December 31, 2014 | December 31, 2014 |
| 070714 | OpenSSL 0.9.8, 1.0.0 & 1.0.1 library's vulnerability - CVE-2014-0224 | 1 | July 07, 2014 | July 07, 2014 |
| 041414 | OpenSSL 1.0.1 library’s “Heart bleed” vulnerability — CVE-2014-0160 | 1 | April 14, 2014 | April 14, 2014 |
| 071715 | Packet Injection Vulnerability on 802.11n MAC Frame Aggregation | 1 | July 17, 2015 | July 17, 2015 |
| 111414 | POODLE SSLv3 vulnerability - CVE-2014-3566 | 1 | November 14, 2014 | November 14, 2014 |
| 20181205 | PortSmash Side-Channel Vulnerability (CVE-2018-5407) | 1.0 | December 05, 2018 | December 05, 2018 |
| 20250710 | Reported vulnerabilities in RUCKUS SmartZone and RUCKUS Network Director: CVE-2025-44957, CVE-2025-44962 ... | 1.5 | July 10, 2025 | July 23, 2025 |
| 20210511 | RUCKUS AP Aggregation And Fragmentation Attacks Vulnerability (aka “FragAttacks”) | 1.1 | May 11, 2021 | October 15, 2021 |
| 20210108 | RUCKUS AP Arbitrary File Read Vulnerability | 1.0 | January 08, 2021 | January 08, 2021 |
| 20200302 | Ruckus AP Image Upgrade Vulnerability | 1.0 | March 02, 2020 | March 02, 2020 |
| 20210114 | Ruckus AP LLDP Vulnerability (CVE-2015-8011, CVE-2015-8012) | 1.0 | January 14, 2021 | January 14, 2021 |