Commscope Ruckus Network Director vulnerabilities

9 known vulnerabilities affecting commscope/ruckus_network_director.

Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 6, MEDIUM 1

Vulnerabilities

CVE-2025-67304 | P2 | CRITICAL | CVSS 9.8 | fixed in 4.5.0.56 | 2026-02-19
CVE-2025-67304 [CRITICAL] CWE-798: In Ruckus Network Director (RND) < 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded credentials to authenticate remotely, gaining superuser access to the database
nvd
CVE-2025-44960 | P2 | HIGH | CVSS 8.8 | fixed in 4.5.0.51 | 2025-08-04
CVE-2025-44960 [HIGH] CWE-78: RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route.
nvd
CVE-2025-67305 | P2 | CRITICAL | CVSS 9.8 | fixed in 4.5.0.56 | 2026-02-19
CVE-2025-67305 [CRITICAL] CWE-321: In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network access to authenticate via SSH without a password. Once authenticated, the attacker can access the PostgreSQL database with superuser privileges, create
nvd
CVE-2025-44957 | P2 | HIGH | CVSS 8.8 | fixed in 4.5.0.51 | 2025-08-04
CVE-2025-44957 [HIGH] CWE-288: Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers.
nvd
CVE-2025-44961 | P2 | HIGH | CVSS 8.8 | fixed in 4.5.0.51 | 2025-08-04
CVE-2025-44961 [HIGH] CWE-78: In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user.
nvd
CVE-2025-44955 | P3 | HIGH | CVSS 8.8 | fixed in 4.5.0.0 | 2025-08-04
CVE-2025-44955 [HIGH] CWE-259: RUCKUS Network Director (RND) before 4.5 allows jailed users to obtain root access via a weak, hardcoded password.
nvd
CVE-2025-44963 | P3 | HIGH | CVSS 8.1 | fixed in 4.5.0.0 | 2025-08-04
CVE-2025-44963 [HIGH] CWE-321: RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key.
nvd
CVE-2025-44958 | P3 | HIGH | CVSS 7.5 | fixed in 4.5.0.0 | 2025-08-04
CVE-2025-44958 [HIGH] CWE-257: RUCKUS Network Director (RND) before 4.5 stores passwords in a recoverable format.
nvd
CVE-2025-44962 | P4 | MEDIUM | CVSS 4.3 | fixed in 4.5.0.51 | 2025-08-04
CVE-2025-44962 [MEDIUM] CWE-24: RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files.
nvd