Report a potential issue: #RuckusNetworkSecurity@commscope.com
The Ruckus Product Security Team is responsible for researching, analyzing and responding to security incident reports related to Ruckus products. This team is the first point of contact for all security incident reports and works directly with Ruckus customers, security researchers, government organizations, consultants, industry security organizations, and other vendors to identify security issues with Ruckus products. This team is also responsible for publishing security advisories and communicating with outside entities regarding mitigation steps for addressing particular security issues with Ruckus products.
Reporting a Security Issue to Ruckus
Ruckus encourages individuals and organizations to report all Ruckus-related product related vulnerabilities and security issues directly to Ruckus via our email alias: #RuckusNetworkSecurity@commscope.com.
A link to the Ruckus Security Incident Response Policy is available here.
Please provide a detailed description of the issue along with sufficient information to reasonably enable Ruckus to reproduce the issue. Please also include a technical contact, list of Ruckus products affected and any other helpful information such as logs and console messages etc.
If you are a currently experiencing a network outage or need help configuring a security feature, please contact Ruckus via any of the contact methods listed on our Contact page.
|ID||Title||Version||Release Date||Edit Date|
|20200615||ZoneDirector and Unleashed Unauthenticated Remote Code Execution and Other Vulnerabilities - CVE-2020-13913, CVE-2020-13914, CVE-2020-13915, CVE-2020-13916, CVE-2020-13917, CVE-2020-13918, CVE-2020-13919||1.0||June 15, 2020||June 15, 2020|
|20200304||Wi-Fi Protected Network and Wi-Fi Protected Network 2 Info Disclosure Vulnerability - Kr00k||1.0||March 4, 2020||March 4, 2020|
|20200302||Ruckus AP Image Upgrade Vulnerability||1.0||March 2, 2020||March 2, 2020|
|20200227||DHCP Buffer Overflow in Logging Capability||1.0||February 27, 2020||February 27, 2020|
|20200205||IoT Controller remote unauthenticated API execution vulnerability (CVE-2020-8005)||1.0||February 5, 2020||February 5, 2020|
|20191224||ZoneDirector and Unleashed Unauthenticated Remote Code Execution and Other Vulnerabilities||1.5||December 24, 2019||June 12, 2020|
|20190815||TCP SACK Panic - Kernel Vulnerability (CVE-2019-11477, CVE-2019-11478, CVE-2019-11479)||1.2||August 15, 2019||January 8, 2020|
|20190603||Ruckus SmartZone Privilege Escalation Vulnerability (CVE-2019-11630)||1.2||June 3, 2019||August 12, 2019|
|20190528||Zombieload, RIDL, and Fallout Vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2018-11091)||1.0||May 28, 2019||May 28, 2019|
|20190412||Dragonblood Vulnerabilities - VU#871675||1.0||April 12, 2019||April 12, 2019|
|20181205||PortSmash Side-Channel Vulnerability (CVE-2018-5407)||1.0||December 5, 2018||December 5, 2018|
|20181102||Libssh Vulnerabilities - CVE-2018-10933||1.0||November 2, 2018||November 2, 2018|
|20180917||Automatic DNS Registration and Proxy Autodiscovery Vulnerabilities (VU#598349)||1.0||September 17, 2018||September 17, 2018|
|20180906||Intel Speculative Execution Vulnerabilities (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646)||1.0||September 6, 2018||September 6, 2018|
|20180816||Dictionary attacks on WiFi Protected Access (WPA & WPA2) Protocols||1.0||August 16, 2018||August 16, 2018|
|20180815||Linux Kernel TCP Reassembly Algorithm Remote DOS Vulnerability (CVE-2018-5390)||1.3||August 15, 2018||January 16, 2019|
|20180618||SPECTRE-NG Vulnerabilities - (CVE-2018-3639, CVE-2018-3640)||1.0||June 18, 2018||June 18, 2018|
|20180601||Vulnerabilities in Openssl (CVE-201703738, CVE-2018-0733, CVE-2018-0739)||1.0||June 1, 2018||June 1, 2018|
|20180516||Ruckus SmartZone Sensitive Information Disclosure Vulnerability||1.1||May 16, 2018||May 22, 2018|
|20180427||SmartZone Security Best Practices for Network Security||1||April 28, 2018||April 28, 2018|
|20180319||Security vulnerabilities addressed by NTP (CVE-2016-1549, CVE-2018-7182, CVE-2018-7170, CVE-2018-7184, CVE-2018-7185, CVE-2018-7183)||1.0||March 19, 2018||March 19, 2018|
|20180226||XSS vulnerability in Ruckus ICX FastIron - (CVE-2013-6786)||1||February 26, 2018||February 26, 2018|
|20180203||Java JMX and RMI security vulnerabilities (CVE-2017-15708, CVE-2016-8735)||1||February 13, 2018||February 13, 2018|
|20180202||Authenticated Root Command Injection Vulnerabilities in CLI of ZD/Unleashed APs and Web-GUI of Solo/SZ Managed APs (CVE02017-6229, CVE-2017-6230)||1||February 5, 2018||February 5, 2018|
|20180116||Intel Management Engine impersonation security vulnerabilities (CVE-2017-5711, CVE-2017-5712)||1.0||January 16, 2018||January 16, 2018|
|20180105||Spectre and Meltdown Vulnerabilities - (CVE-2017-5753 CVE-2017-5715 CVE-2017-5754)||1.1||January 5, 2018||January 16, 2018|
|112717||Multiple Vulnerabilities in DNSMASQ (CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496, CVE-2017-13704, CVE-2015-3294)||1||November 27, 2017||November 27, 2017|
|101717||Multiple Vulnerabilities discovered in RSA key generation within Infineon TPM||1||October 17, 2017||October 17, 2017|
|101617||Multiple Vulnerabilities discovered in 4-way handshake of WPA2 protocols - (KRACK: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)||1.12||October 16, 2017||December 21, 2017|
|092917||Authenticated Root Command Injection Vulnerabilities in Web-GUI of Ruckus Zone Director Controller and Unleashed APs (CVE-2017-6223, CVE-2017-6224)||1||September 29, 2017||September 29, 2017|