Commscope Ruckus_network_director

9 CVEs affecting Commscope Ruckus_network_director. Latest disclosed: 2026-02-19. Critical: 4, High: 3.

Top CVEs affecting Commscope Ruckus_network_director
CVESeverityScorePublishedSummary
CVE-2025-44961Critical9.92025-08-04In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user.
CVE-2025-67305Critical9.82026-02-19In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deploymen…
CVE-2025-67304Critical9.82026-02-19In Ruckus Network Director (RND) < 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configura…
CVE-2025-44963Critical9.02025-08-04RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key.
CVE-2025-44955High8.82025-08-04RUCKUS Network Director (RND) before 4.5 allows jailed users to obtain root access vis a weak, hardcoded password.
CVE-2025-44960High8.52025-08-04RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route.
CVE-2025-44957High8.52025-08-04Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers.
CVE-2025-44958Medium5.32025-08-04RUCKUS Network Director (RND) before 4.5 stores passwords in a recoverable format.
CVE-2025-44962Medium5.02025-08-04RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files.