Commscope Ruckus Smartzone Firmware vulnerabilities
6 known vulnerabilities affecting commscope/ruckus_smartzone_firmware.
Total CVEs: 6
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 2, HIGH 3, MEDIUM 1
Vulnerabilities
CVE-2023-25717 | P1 | CRITICAL | CVSS 9.8 | KEV | PoC | fixed in 5.2.1.3 | v6.1.0.0.935 | +1 more | 2023-02-13
CWE-94. Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.
Source: NVD
CVE-2025-44960 | P2 | HIGH | CVSS 8.8 | fixed in 6.1.2 | v6.1.2 | +2 more | 2025-08-04
CWE-78. RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route.
Source: NVD
CVE-2025-44957 | P2 | HIGH | CVSS 8.8 | fixed in 6.1.2 | v6.1.2 | +2 more | 2025-08-04
CWE-288. Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers.
Source: NVD
CVE-2025-44961 | P2 | HIGH | CVSS 8.8 | fixed in 6.1.2 | v6.1.2 | +2 more | 2025-08-04
CWE-78. In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user.
Source: NVD
CVE-2025-44954 | P3 | CRITICAL | CVSS 9.8 | fixed in 6.1.2 | v6.1.2 | +2 more | 2025-08-04
CWE-1394. RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account.
Source: NVD
CVE-2025-44962 | P4 | MEDIUM | CVSS 4.3 | fixed in 6.1.2 | v6.1.2 | +2 more | 2025-08-04
CWE-24. RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files.
Source: NVD