Ruckus Smartzone
5 CVEs affecting Ruckus Smartzone. Latest disclosed: 2025-08-04. Critical: 2, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-44961 | Critical | 9.9 | 2025-08-04 | In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user. |
| CVE-2025-44954 | Critical | 9.0 | 2025-08-04 | RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account. |
| CVE-2025-44960 | High | 8.5 | 2025-08-04 | RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route. |
| CVE-2025-44957 | High | 8.5 | 2025-08-04 | Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers. |
| CVE-2025-44962 | Medium | 5.0 | 2025-08-04 | RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files. |