Security

The RUCKUS Product Security Team is responsible for researching, analyzing and responding to security incident reports related to RUCKUS products. This team is the first point of contact for all security incident reports and works directly with RUCKUS customers, security researchers, government organizations, consultants, industry security organizations, and other vendors to identify security issues with RUCKUS products. This team is also responsible for publishing security advisories and communicating with outside entities regarding mitigation steps for addressing particular security issues with Ruckus products.

Reporting a Security Issue to Ruckus

RUCKUS encourages individuals and organizations to report all RUCKUS-related product related vulnerabilities and security issues using the form below.

Please see the RUCKUS Security Incident Response Policy for additional information.

Please provide a detailed description of the issue along with sufficient information to reasonably enable RUCKUS to reproduce the issue. Please also include a technical contact, list of RUCKUS products affected and any other helpful information such as logs and console messages etc.

If you are a currently experiencing a network outage or need help configuring a security feature, please contact RUCKUS via any of the contact methods listed on our Contact page.

try NEW advanced search
ID Title Version Release Date Edit Date
20210129 AP / ZD CLI Passphrase Vulnerability 1.0 January 29, 2021 January 29, 2021
111113-1 Authenticated code injection vulnerability in ZoneDirector administrative web interface 1 September 09, 2013 September 09, 2013
111113-2 Authenticated persistent cross site scripting vulnerability in guest pass provisioning web interface on ZoneDirector controllers 1 September 09, 2013 September 09, 2013
20180202 Authenticated Root Command Injection Vulnerabilities in CLI of ZD/Unleashed APs and Web-GUI of Solo/SZ Managed APs (CVE02017-6229, CVE-2017-6230) 1 February 05, 2018 February 05, 2018
092917 Authenticated Root Command Injection Vulnerabilities in Web-GUI of Ruckus Zone Director Controller and Unleashed APs (CVE-2017-6223, CVE-2017-6224) 1 September 29, 2017 September 29, 2017
20180917 Automatic DNS Registration and Proxy Autodiscovery Vulnerabilities (VU#598349) 1.0 September 17, 2018 September 17, 2018
20231016 Cloudpath® Persistent XSS and CSRF Vulnerability 1.1 October 16, 2023 November 28, 2023
BSA-2017-238 CVE-1999-0186 April 28, 2017 April 28, 2017
BSA-2017-239 CVE-1999-0254 April 28, 2017 April 28, 2017
BSA-2017-240 CVE-1999-0472 April 28, 2017 April 28, 2017
BSA-2017-243 CVE-1999-0516 April 28, 2017 April 28, 2017
BSA-2017-244 CVE-1999-0517 April 28, 2017 September 08, 2017
BSA-2017-245 CVE-2000-0147 April 28, 2017 April 28, 2017
BSA-2017-241 CVE-2001-0514 April 28, 2017 April 28, 2017
BSA-2017-319 CVE-2001-0572 June 23, 2017 June 23, 2017
BSA-2017-318 CVE-2001-1473 June 23, 2017 June 23, 2017
BSA-2017-242 CVE-2002-0109 April 28, 2017 April 28, 2017
BSA-2017-269 CVE-2004-1653 May 02, 2017 May 02, 2017
BSA-2017-271 CVE-2004-2761 May 17, 2017 May 17, 2017
BSA-2017-371 CVE-2007-4752 August 25, 2017 August 25, 2017
BSA-2017-266 CVE-2012-5568 May 02, 2017 May 02, 2017
BSA-2017-254 CVE-2013-4548 May 02, 2017 May 02, 2017
BSA-2017-313 CVE-2014-0231 May 17, 2017 September 08, 2017
BSA-2017-246 CVE-2014-1692 April 28, 2017 April 28, 2017
BSA-2017-253 CVE-2014-2532 May 02, 2017 September 08, 2017
BSA-2017-270 CVE-2014-2653 May 17, 2017 September 08, 2017
BSA-2014-002 CVE-2014-3566 - OpenSSL March 10, 2015 April 07, 2017
BSA-2015-003 CVE-2014-3569 - OpenSSL CVE-2014-3570 - OpenSSL CVE-2014-3571 - OpenSSL CVE-2014-3572 - OpenSSL CVE-2014-8275 - OpenSSL CVE-2015-0204 - OpenSSL CVE-2015-0205 - OpenSSL CVE-2015-0206 - OpenSSL April 24, 2015 March 23, 2017
BSA-2015-002 CVE-2014-9296 - NTP March 19, 2015 May 11, 2016
BSA-2017-279 CVE-2015-5178 May 17, 2017 September 08, 2017

Working...Please wait

This is here to prevent you from accidentally submitting twice.

The page will automatically refresh.

Alert!!

Close