Please note this important new Security Bulletin.

The Ruckus Product Security Team is responsible for researching, analyzing and responding to security incident reports related to Ruckus products. This team is the first point of contact for all security incident reports and works directly with Ruckus customers, security researchers, government organizations, consultants, industry security organizations, and other vendors to identify security issues with Ruckus products. This team is also responsible for publishing security advisories and communicating with outside entities regarding mitigation steps for addressing particular security issues with Ruckus products.

Reporting a Security Issue to Ruckus

Ruckus encourages individuals and organizations to report all Ruckus-related product related vulnerabilities and security issues directly to Ruckus via our email alias:

A link to the Ruckus Security Incident Response Policy is available here.

Please provide a detailed description of the issue along with sufficient information to reasonably enable Ruckus to reproduce the issue. Please also include a technical contact, list of Ruckus products affected and any other helpful information such as logs and console messages etc.

If you are a currently experiencing a network outage or need help configuring a security feature, please contact Ruckus via any of the contact methods listed on our Contact page.

Security Bulletins

try NEW advanced search
ID Title Version Release Date Edit Date
BSA-2014-002 CVE-2014-3566 - OpenSSL March 10, 2015 April 7, 2017
BSA-2015-001 GNU C Library “GHOST” Vulnerability (CVE-2015-0235) Assessment for Brocade February 13, 2015 May 11, 2016
020215 glibc library vulnerability (commonly referred as ‘Ghost’) - CVE-2015-0235 1 February 2, 2015 February 2, 2015
123114 Network Time Protocol (NTP) vulnerability - CVE-2014-9295 1 December 31, 2014 December 31, 2014
111414 POODLE SSLv3 vulnerability - CVE-2014-3566 1 November 14, 2014 November 14, 2014
092914 GNU Bash vulnerability - CVE-2014-6271 and CVE-2014-7169 2 September 29, 2014 October 8, 2014
070714 OpenSSL 0.9.8, 1.0.0 & 1.0.1 library's vulnerability - CVE-2014-0224 1 July 7, 2014 July 7, 2014
041414 OpenSSL 1.0.1 library’s “Heart bleed” vulnerability — CVE-2014-0160 1 April 14, 2014 April 14, 2014
10282013 User authentication bypass vulnerability in Ruckus Access Point’s administrative web interface 1 October 28, 2013 October 28, 2013
111113-1 Authenticated code injection vulnerability in ZoneDirector administrative web interface 1 September 9, 2013 September 9, 2013
111113-2 Authenticated persistent cross site scripting vulnerability in guest pass provisioning web interface on ZoneDirector controllers 1 September 9, 2013 September 9, 2013
031813-1 Unauthenticated TCP tunneling on Ruckus devices via SSH server process 1 March 25, 2013 March 25, 2013
031813-2 User authentication bypass vulnerability in ZoneDirector administrative web interface 1 March 25, 2013 March 25, 2013

Working...Please wait

This is here to prevent you from accidentally submitting twice.

The page will automatically refresh.