Security
The RUCKUS Product Security Team is responsible for researching, analyzing and responding to security incident reports related to RUCKUS products. This team is the first point of contact for all security incident reports and works directly with RUCKUS customers, security researchers, government organizations, consultants, industry security organizations, and other vendors to identify security issues with RUCKUS products. This team is also responsible for publishing security advisories and communicating with outside entities regarding mitigation steps for addressing particular security issues with Ruckus products.
Reporting a Security Issue to Ruckus
RUCKUS encourages individuals and organizations to report all RUCKUS-related product related vulnerabilities and security issues using the form below.
Please see the RUCKUS Security Incident Response Policy for additional information.
Please provide a detailed description of the issue along with sufficient information to reasonably enable RUCKUS to reproduce the issue. Please also include a technical contact, list of RUCKUS products affected and any other helpful information such as logs and console messages etc.
If you are a currently experiencing a network outage or need help configuring a security feature, please contact RUCKUS via any of the contact methods listed on our Contact page.
| ID | Title | Version | Release Date | Edit Date |
|---|---|---|---|---|
| 092914 | GNU Bash vulnerability - CVE-2014-6271 and CVE-2014-7169 | 2 | September 29, 2014 | October 08, 2014 |
| 20191224 | ZoneDirector and Unleashed Unauthenticated Remote Code Execution and Other Vulnerabilities | 1.5 | December 24, 2019 | June 12, 2020 |
| 20250710 | Reported vulnerabilities in RUCKUS SmartZone and RUCKUS Network Director: CVE-2025-44957, CVE-2025-44962 ... | 1.5 | July 10, 2025 | July 23, 2025 |
| 20211213 | CVE-2021-44228: Apache Log4j Vulnerability | 1.3 | December 13, 2021 | December 17, 2021 |
| 20250122 | Security Advisory 20250122: Multiple vulnerabilities in RUCKUS Unleashed and ZoneDirector | 1.3 | January 27, 2025 | July 21, 2025 |
| 20180815 | Linux Kernel TCP Reassembly Algorithm Remote DOS Vulnerability (CVE-2018-5390) | 1.3 | August 15, 2018 | January 16, 2019 |
| 20221114 | CVE-2022-3602, CVE-2022-3786: OpenSSL Vulnerabilities | 1.2 | November 14, 2022 | November 18, 2022 |
| 20190815 | TCP SACK Panic - Kernel Vulnerability (CVE-2019-11477, CVE-2019-11478, CVE-2019-11479) | 1.2 | August 15, 2019 | January 08, 2020 |
| 20190603 | Ruckus SmartZone Privilege Escalation Vulnerability (CVE-2019-11630) | 1.2 | June 03, 2019 | August 12, 2019 |
| 20230208 | CVE-2023-25717: RUCKUS AP Web Vulnerability (RCE/CSRF) | 1.2 | February 08, 2023 | May 18, 2023 |
| 20230808 | CVE-2023-39904, CVE-2023-39905, CVE-2023-39906: ICX XSS and CSRF Vulnerability | 1.2 | August 08, 2023 | August 14, 2023 |
| 20240925 | RUCKUS AP Remote Code Execution Vulnerability | 1.2 | October 04, 2024 | October 11, 2024 |
| 101617 | Multiple Vulnerabilities discovered in 4-way handshake of WPA2 protocols - (KRACK: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) | 1.12 | October 16, 2017 | December 21, 2017 |
| 20230731 | RUCKUS Unleashed Authenticated Remote Command Execution Vulnerability | 1.1 | July 31, 2023 | August 01, 2023 |
| 20180105 | Spectre and Meltdown Vulnerabilities - (CVE-2017-5753 CVE-2017-5715 CVE-2017-5754) | 1.1 | January 05, 2018 | January 16, 2018 |
| 20201026 | Ruckus IoT Controller Remote Command Execution Vulnerability (CVE-2020-26878, CVE-2020-26879) | 1.1 | October 26, 2020 | September 11, 2023 |
| 20180516 | Ruckus SmartZone Sensitive Information Disclosure Vulnerability | 1.1 | May 16, 2018 | May 22, 2018 |
| 20210511 | RUCKUS AP Aggregation And Fragmentation Attacks Vulnerability (aka “FragAttacks”) | 1.1 | May 11, 2021 | October 15, 2021 |
| 20231016 | Cloudpath® Persistent XSS and CSRF Vulnerability | 1.1 | October 16, 2023 | November 28, 2023 |
| 20181205 | PortSmash Side-Channel Vulnerability (CVE-2018-5407) | 1.0 | December 05, 2018 | December 05, 2018 |
| 20180618 | SPECTRE-NG Vulnerabilities - (CVE-2018-3639, CVE-2018-3640) | 1.0 | June 18, 2018 | June 18, 2018 |
| 20180319 | Security vulnerabilities addressed by NTP (CVE-2016-1549, CVE-2018-7182, CVE-2018-7170, CVE-2018-7184, CVE-2018-7185, CVE-2018-7183) | 1.0 | March 19, 2018 | March 19, 2018 |
| 20190528 | Zombieload, RIDL, and Fallout Vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2018-11091) | 1.0 | May 28, 2019 | May 28, 2019 |
| 20190412 | Dragonblood Vulnerabilities - VU#871675 | 1.0 | April 12, 2019 | April 12, 2019 |
| 20200615 | ZoneDirector and Unleashed Unauthenticated Remote Code Execution and Other Vulnerabilities - CVE-2020-13913, CVE-2020-13914, CVE-2020-13915, CVE-2020-13916, CVE-2020-13917, CVE-2020-13918, CVE-2020-13919 | 1.0 | June 15, 2020 | June 15, 2020 |
| 20180917 | Automatic DNS Registration and Proxy Autodiscovery Vulnerabilities (VU#598349) | 1.0 | September 17, 2018 | September 17, 2018 |
| 20180816 | Dictionary attacks on WiFi Protected Access (WPA & WPA2) Protocols | 1.0 | August 16, 2018 | August 16, 2018 |
| 20180906 | Intel Speculative Execution Vulnerabilities (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646) | 1.0 | September 06, 2018 | September 06, 2018 |
| 20180116 | Intel Management Engine impersonation security vulnerabilities (CVE-2017-5711, CVE-2017-5712) | 1.0 | January 16, 2018 | January 16, 2018 |
| 20181102 | Libssh Vulnerabilities - CVE-2018-10933 | 1.0 | November 02, 2018 | November 02, 2018 |