Security
The RUCKUS Product Security Team is responsible for researching, analyzing and responding to security incident reports related to RUCKUS products. This team is the first point of contact for all security incident reports and works directly with RUCKUS customers, security researchers, government organizations, consultants, industry security organizations, and other vendors to identify security issues with RUCKUS products. This team is also responsible for publishing security advisories and communicating with outside entities regarding mitigation steps for addressing particular security issues with Ruckus products.
Reporting a Security Issue to Ruckus
RUCKUS encourages individuals and organizations to report all RUCKUS-related product related vulnerabilities and security issues using the form below.
Please see the RUCKUS Security Incident Response Policy for additional information.
Please provide a detailed description of the issue along with sufficient information to reasonably enable RUCKUS to reproduce the issue. Please also include a technical contact, list of RUCKUS products affected and any other helpful information such as logs and console messages etc.
If you are a currently experiencing a network outage or need help configuring a security feature, please contact RUCKUS via any of the contact methods listed on our Contact page.
| ID | Title | Version | Release Date | Edit Date |
|---|---|---|---|---|
| 20200615 | ZoneDirector and Unleashed Unauthenticated Remote Code Execution and Other Vulnerabilities - CVE-2020-13913, CVE-2020-13914, CVE-2020-13915, CVE-2020-13916, CVE-2020-13917, CVE-2020-13918, CVE-2020-13919 | 1.0 | June 15, 2020 | June 15, 2020 |
| 20191224 | ZoneDirector and Unleashed Unauthenticated Remote Code Execution and Other Vulnerabilities | 1.5 | December 24, 2019 | June 12, 2020 |
| 20190528 | Zombieload, RIDL, and Fallout Vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2018-11091) | 1.0 | May 28, 2019 | May 28, 2019 |
| 20180226 | XSS vulnerability in Ruckus ICX FastIron - (CVE-2013-6786) | 1 | February 26, 2018 | February 26, 2018 |
| 072115 | X509_verify_cert function vulnerability in OpenSSL - CVE-2015-1793 | 1 | July 21, 2015 | July 21, 2015 |
| 20200304 | Wi-Fi Protected Network and Wi-Fi Protected Network 2 Info Disclosure Vulnerability - Kr00k | 1.0 | March 04, 2020 | March 04, 2020 |
| 072817 | Vulnerabilities updates for RC4(CVE-2013-2566, CVE-2015-2808), SWEET32 (CVE-2016-2183) and SSL certificate signed using weak hashing algorithm (CVE-2004-2761) | 1 | July 28, 2017 | July 28, 2017 |
| 080216 | Vulnerabilities in WebGUI Interface on Ruckus Unmanaged-APs | 1 | August 02, 2016 | August 02, 2016 |
| 062117 | Vulnerabilities in Web GUI Interface on Ruckus Unmanaged-APs – CVE-2016-1000213, CVE-2016-1000214, CVE-2016-1000215, CVE-2016-1000216 | 1 | June 21, 2017 | June 21, 2017 |
| 022717 | Vulnerabilities in OpenSSL – CVE-2017-3730, CVE-2017-3731, CVE-2017- 3732, CVE-2016-6304, CVE-2016-6305 | 1 | February 27, 2017 | February 27, 2017 |
| 123015 | Vulnerabilities in OpenSSL Distributions - CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196 | 1 | December 30, 2015 | December 30, 2015 |
| 071216 | Vulnerabilities in OpenSSL and Related Updates - CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176 | 1 | July 12, 2016 | July 12, 2016 |
| 051616 | Vulnerabilities in OpenSSL and Related Updates - CVE-2016-0800, CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, CVE-2016-0703, CVE-2016-0704 | 1 | May 16, 2016 | May 16, 2016 |
| 20180601 | Vulnerabilities in Openssl (CVE-201703738, CVE-2018-0733, CVE-2018-0739) | 1.0 | June 01, 2018 | June 01, 2018 |
| 090315 | Vulnerabilities in OpenSSH Distributions - CVE-2015-5600, CVE-2015-6563, CVE-2015-6564 | 1 | September 03, 2015 | September 03, 2015 |
| 022916 | Vulnerabilities in Linux GNU C (libc) Distributions - CVE-2015-7547 | 1 | February 29, 2016 | February 29, 2016 |
| 030117 | Vulnerabilities in Dropbear SSH – CVE-2016-7406, CVE-2016-7407, CVE- 2016-2408, CVE-2016-2409 | 1 | March 01, 2017 | March 01, 2017 |
| 031813-2 | User authentication bypass vulnerability in ZoneDirector administrative web interface | 1 | March 25, 2013 | March 25, 2013 |
| 10282013 | User authentication bypass vulnerability in Ruckus Access Point’s administrative web interface | 1 | October 28, 2013 | October 28, 2013 |
| 031813-1 | Unauthenticated TCP tunneling on Ruckus devices via SSH server process | 1 | March 25, 2013 | March 25, 2013 |
| 20190815 | TCP SACK Panic - Kernel Vulnerability (CVE-2019-11477, CVE-2019-11478, CVE-2019-11479) | 1.2 | August 15, 2019 | January 08, 2020 |
| 081215 | SSH Login Vulnerability - CVE-2012-1493 | 1 | August 12, 2015 | August 12, 2015 |
| 20180618 | SPECTRE-NG Vulnerabilities - (CVE-2018-3639, CVE-2018-3640) | 1.0 | June 18, 2018 | June 18, 2018 |
| 20180105 | Spectre and Meltdown Vulnerabilities - (CVE-2017-5753 CVE-2017-5715 CVE-2017-5754) | 1.1 | January 05, 2018 | January 16, 2018 |
| 20180427 | SmartZone Security Best Practices for Network Security | 1 | April 28, 2018 | April 28, 2018 |
| 20180319 | Security vulnerabilities addressed by NTP (CVE-2016-1549, CVE-2018-7182, CVE-2018-7170, CVE-2018-7184, CVE-2018-7185, CVE-2018-7183) | 1.0 | March 19, 2018 | March 19, 2018 |
| 20250122 | Security Advisory 20250122: Multiple vulnerabilities in RUCKUS Unleashed and ZoneDirector | 1.3 | January 27, 2025 | July 21, 2025 |
| 20230731 | RUCKUS Unleashed Authenticated Remote Command Execution Vulnerability | 1.1 | July 31, 2023 | August 01, 2023 |
| 20180516 | Ruckus SmartZone Sensitive Information Disclosure Vulnerability | 1.1 | May 16, 2018 | May 22, 2018 |
| 20210719 | RUCKUS SmartZone Reflective Amplification Attack Vulnerability | 1.0 | July 19, 2021 | July 19, 2021 |