Security
The RUCKUS Product Security Team is responsible for researching, analyzing and responding to security incident reports related to RUCKUS products. This team is the first point of contact for all security incident reports and works directly with RUCKUS customers, security researchers, government organizations, consultants, industry security organizations, and other vendors to identify security issues with RUCKUS products. This team is also responsible for publishing security advisories and communicating with outside entities regarding mitigation steps for addressing particular security issues with Ruckus products.
Reporting a Security Issue to Ruckus
RUCKUS encourages individuals and organizations to report all RUCKUS-related product related vulnerabilities and security issues using the form below.
Please see the RUCKUS Security Incident Response Policy for additional information.
Please provide a detailed description of the issue along with sufficient information to reasonably enable RUCKUS to reproduce the issue. Please also include a technical contact, list of RUCKUS products affected and any other helpful information such as logs and console messages etc.
If you are a currently experiencing a network outage or need help configuring a security feature, please contact RUCKUS via any of the contact methods listed on our Contact page.
| ID | Title | Version | Release Date | Edit Date |
|---|---|---|---|---|
| 090315 | Vulnerabilities in OpenSSH Distributions - CVE-2015-5600, CVE-2015-6563, CVE-2015-6564 | 1 | September 03, 2015 | September 03, 2015 |
| 081215 | SSH Login Vulnerability - CVE-2012-1493 | 1 | August 12, 2015 | August 12, 2015 |
| 072115 | X509_verify_cert function vulnerability in OpenSSL - CVE-2015-1793 | 1 | July 21, 2015 | July 21, 2015 |
| 071715 | Packet Injection Vulnerability on 802.11n MAC Frame Aggregation | 1 | July 17, 2015 | July 17, 2015 |
| 070815 | Logjam vulnerability against Diffie-Hellman Key Exchange with TLS Protocol - CVE-2015-0291 | 1 | July 08, 2015 | July 08, 2015 |
| 020215 | glibc library vulnerability (commonly referred as ‘Ghost’) - CVE-2015-0235 | 1 | February 02, 2015 | February 02, 2015 |
| 123114 | Network Time Protocol (NTP) vulnerability - CVE-2014-9295 | 1 | December 31, 2014 | December 31, 2014 |
| 111414 | POODLE SSLv3 vulnerability - CVE-2014-3566 | 1 | November 14, 2014 | November 14, 2014 |
| 070714 | OpenSSL 0.9.8, 1.0.0 & 1.0.1 library's vulnerability - CVE-2014-0224 | 1 | July 07, 2014 | July 07, 2014 |
| 041414 | OpenSSL 1.0.1 library’s “Heart bleed” vulnerability — CVE-2014-0160 | 1 | April 14, 2014 | April 14, 2014 |
| 10282013 | User authentication bypass vulnerability in Ruckus Access Point’s administrative web interface | 1 | October 28, 2013 | October 28, 2013 |
| 111113-1 | Authenticated code injection vulnerability in ZoneDirector administrative web interface | 1 | September 09, 2013 | September 09, 2013 |
| 111113-2 | Authenticated persistent cross site scripting vulnerability in guest pass provisioning web interface on ZoneDirector controllers | 1 | September 09, 2013 | September 09, 2013 |
| 031813-1 | Unauthenticated TCP tunneling on Ruckus devices via SSH server process | 1 | March 25, 2013 | March 25, 2013 |
| 031813-2 | User authentication bypass vulnerability in ZoneDirector administrative web interface | 1 | March 25, 2013 | March 25, 2013 |
| 20180202 | Authenticated Root Command Injection Vulnerabilities in CLI of ZD/Unleashed APs and Web-GUI of Solo/SZ Managed APs (CVE02017-6229, CVE-2017-6230) | 1 | February 05, 2018 | February 05, 2018 |
| 20180203 | Java JMX and RMI security vulnerabilities (CVE-2017-15708, CVE-2016-8735) | 1 | February 13, 2018 | February 13, 2018 |
| 20180226 | XSS vulnerability in Ruckus ICX FastIron - (CVE-2013-6786) | 1 | February 26, 2018 | February 26, 2018 |
| 20180427 | SmartZone Security Best Practices for Network Security | 1 | April 28, 2018 | April 28, 2018 |
| 20180319 | Security vulnerabilities addressed by NTP (CVE-2016-1549, CVE-2018-7182, CVE-2018-7170, CVE-2018-7184, CVE-2018-7185, CVE-2018-7183) | 1.0 | March 19, 2018 | March 19, 2018 |
| 20180601 | Vulnerabilities in Openssl (CVE-201703738, CVE-2018-0733, CVE-2018-0739) | 1.0 | June 01, 2018 | June 01, 2018 |
| 20180618 | SPECTRE-NG Vulnerabilities - (CVE-2018-3639, CVE-2018-3640) | 1.0 | June 18, 2018 | June 18, 2018 |
| 20180816 | Dictionary attacks on WiFi Protected Access (WPA & WPA2) Protocols | 1.0 | August 16, 2018 | August 16, 2018 |
| 20180116 | Intel Management Engine impersonation security vulnerabilities (CVE-2017-5711, CVE-2017-5712) | 1.0 | January 16, 2018 | January 16, 2018 |
| 20180906 | Intel Speculative Execution Vulnerabilities (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646) | 1.0 | September 06, 2018 | September 06, 2018 |
| 20180917 | Automatic DNS Registration and Proxy Autodiscovery Vulnerabilities (VU#598349) | 1.0 | September 17, 2018 | September 17, 2018 |
| 20181102 | Libssh Vulnerabilities - CVE-2018-10933 | 1.0 | November 02, 2018 | November 02, 2018 |
| 20181205 | PortSmash Side-Channel Vulnerability (CVE-2018-5407) | 1.0 | December 05, 2018 | December 05, 2018 |
| 20190412 | Dragonblood Vulnerabilities - VU#871675 | 1.0 | April 12, 2019 | April 12, 2019 |
| 20190528 | Zombieload, RIDL, and Fallout Vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2018-11091) | 1.0 | May 28, 2019 | May 28, 2019 |