Security
The RUCKUS Product Security Team is responsible for researching, analyzing and responding to security incident reports related to RUCKUS products. This team is the first point of contact for all security incident reports and works directly with RUCKUS customers, security researchers, government organizations, consultants, industry security organizations, and other vendors to identify security issues with RUCKUS products. This team is also responsible for publishing security advisories and communicating with outside entities regarding mitigation steps for addressing particular security issues with Ruckus products.
Reporting a Security Issue to Ruckus
RUCKUS encourages individuals and organizations to report all RUCKUS-related product related vulnerabilities and security issues using the form below.
Please see the RUCKUS Security Incident Response Policy for additional information.
Please provide a detailed description of the issue along with sufficient information to reasonably enable RUCKUS to reproduce the issue. Please also include a technical contact, list of RUCKUS products affected and any other helpful information such as logs and console messages etc.
If you are a currently experiencing a network outage or need help configuring a security feature, please contact RUCKUS via any of the contact methods listed on our Contact page.
ID | Title | Version | Release Date | Edit Date |
---|---|---|---|---|
20210129 | AP / ZD CLI Passphrase Vulnerability | 1.0 | January 29, 2021 | January 29, 2021 |
111113-1 | Authenticated code injection vulnerability in ZoneDirector administrative web interface | 1 | September 09, 2013 | September 09, 2013 |
111113-2 | Authenticated persistent cross site scripting vulnerability in guest pass provisioning web interface on ZoneDirector controllers | 1 | September 09, 2013 | September 09, 2013 |
20180202 | Authenticated Root Command Injection Vulnerabilities in CLI of ZD/Unleashed APs and Web-GUI of Solo/SZ Managed APs (CVE02017-6229, CVE-2017-6230) | 1 | February 05, 2018 | February 05, 2018 |
092917 | Authenticated Root Command Injection Vulnerabilities in Web-GUI of Ruckus Zone Director Controller and Unleashed APs (CVE-2017-6223, CVE-2017-6224) | 1 | September 29, 2017 | September 29, 2017 |
20180917 | Automatic DNS Registration and Proxy Autodiscovery Vulnerabilities (VU#598349) | 1.0 | September 17, 2018 | September 17, 2018 |
20231016 | Cloudpath® Persistent XSS and CSRF Vulnerability | 1.1 | October 16, 2023 | November 28, 2023 |
BSA-2017-238 | CVE-1999-0186 | April 28, 2017 | April 28, 2017 | |
BSA-2017-239 | CVE-1999-0254 | April 28, 2017 | April 28, 2017 | |
BSA-2017-240 | CVE-1999-0472 | April 28, 2017 | April 28, 2017 | |
BSA-2017-243 | CVE-1999-0516 | April 28, 2017 | April 28, 2017 | |
BSA-2017-244 | CVE-1999-0517 | April 28, 2017 | September 08, 2017 | |
BSA-2017-245 | CVE-2000-0147 | April 28, 2017 | April 28, 2017 | |
BSA-2017-241 | CVE-2001-0514 | April 28, 2017 | April 28, 2017 | |
BSA-2017-319 | CVE-2001-0572 | June 23, 2017 | June 23, 2017 | |
BSA-2017-318 | CVE-2001-1473 | June 23, 2017 | June 23, 2017 | |
BSA-2017-242 | CVE-2002-0109 | April 28, 2017 | April 28, 2017 | |
BSA-2017-269 | CVE-2004-1653 | May 02, 2017 | May 02, 2017 | |
BSA-2017-271 | CVE-2004-2761 | May 17, 2017 | May 17, 2017 | |
BSA-2017-371 | CVE-2007-4752 | August 25, 2017 | August 25, 2017 | |
BSA-2017-266 | CVE-2012-5568 | May 02, 2017 | May 02, 2017 | |
BSA-2017-254 | CVE-2013-4548 | May 02, 2017 | May 02, 2017 | |
BSA-2017-313 | CVE-2014-0231 | May 17, 2017 | September 08, 2017 | |
BSA-2017-246 | CVE-2014-1692 | April 28, 2017 | April 28, 2017 | |
BSA-2017-253 | CVE-2014-2532 | May 02, 2017 | September 08, 2017 | |
BSA-2017-270 | CVE-2014-2653 | May 17, 2017 | September 08, 2017 | |
BSA-2014-002 | CVE-2014-3566 - OpenSSL | March 10, 2015 | April 07, 2017 | |
BSA-2015-003 | CVE-2014-3569 - OpenSSL CVE-2014-3570 - OpenSSL CVE-2014-3571 - OpenSSL CVE-2014-3572 - OpenSSL CVE-2014-8275 - OpenSSL CVE-2015-0204 - OpenSSL CVE-2015-0205 - OpenSSL CVE-2015-0206 - OpenSSL | April 24, 2015 | March 23, 2017 | |
BSA-2015-002 | CVE-2014-9296 - NTP | March 19, 2015 | May 11, 2016 | |
BSA-2017-279 | CVE-2015-5178 | May 17, 2017 | September 08, 2017 |