cbcvebase.

Ruckus Smartzone vulnerabilities

5 known vulnerabilities affecting ruckus/smartzone.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH3MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2025-44960P2HIGHCVSS 8.8fixed in 6.1.2p3 Refresh Build2025-08-04
CVE-2025-44960 [HIGH] CWE-78 CVE-2025-44960: RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain paramet RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route.
nvd
CVE-2025-44957P2HIGHCVSS 8.8fixed in 6.1.2p3 Refresh Build2025-08-04
CVE-2025-44957 [HIGH] CWE-288 CVE-2025-44957: Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers.
nvd
CVE-2025-44961P2HIGHCVSS 8.8fixed in 6.1.2p3 Refresh Build2025-08-04
CVE-2025-44961 [HIGH] CWE-78 CVE-2025-44961: In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP addr In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user.
nvd
CVE-2025-44954P3CRITICALCVSS 9.8fixed in 6.1.2p3 Refresh Build2025-08-04
CVE-2025-44954 [CRITICAL] CWE-1394 CVE-2025-44954: RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equiva RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account.
nvd
CVE-2025-44962P4MEDIUMCVSS 4.3fixed in 6.1.2p3 Refresh Build2025-08-04
CVE-2025-44962 [MEDIUM] CWE-24 CVE-2025-44962: RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files. RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files.
nvd
Ruckus Smartzone vulnerabilities | cvebase