Commscope Ruckus_network_director
9 CVEs affecting Commscope Ruckus_network_director. Latest disclosed: 2026-02-19. Critical: 4, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-44961 | Critical | 9.9 | 2025-08-04 | In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user. |
CVE-2025-67305 | Critical | 9.8 | 2026-02-19 | In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deploymen… |
CVE-2025-67304 | Critical | 9.8 | 2026-02-19 | In Ruckus Network Director (RND) < 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configura… |
CVE-2025-44963 | Critical | 9.0 | 2025-08-04 | RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key. |
CVE-2025-44955 | High | 8.8 | 2025-08-04 | RUCKUS Network Director (RND) before 4.5 allows jailed users to obtain root access vis a weak, hardcoded password. |
CVE-2025-44960 | High | 8.5 | 2025-08-04 | RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route. |
CVE-2025-44957 | High | 8.5 | 2025-08-04 | Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers. |
CVE-2025-44958 | Medium | 5.3 | 2025-08-04 | RUCKUS Network Director (RND) before 4.5 stores passwords in a recoverable format. |
CVE-2025-44962 | Medium | 5.0 | 2025-08-04 | RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files. |