Security

The Ruckus Product Security Team is responsible for researching, analyzing and responding to security incident reports related to Ruckus products. This team is the first point of contact for all security incident reports and works directly with Ruckus customers, security researchers, government organizations, consultants, industry security organizations, and other vendors to identify security issues with Ruckus products. This team is also responsible for publishing security advisories and communicating with outside entities regarding mitigation steps for addressing particular security issues with Ruckus products.

Reporting a Security Issue to Ruckus

Ruckus encourages individuals and organizations to report all Ruckus-related product related vulnerabilities and security issues directly to Ruckus via our email alias: [email protected].

A link to the Ruckus Security Incident Response Policy is available here.

Please provide a detailed description of the issue along with sufficient information to reasonably enable Ruckus to reproduce the issue. Please also include a technical contact, list of Ruckus products affected and any other helpful information such as logs and console messages etc.

If you are a currently experiencing a network outage or need help configuring a security feature, please contact Ruckus via any of the contact methods listed on our Contact page.

try NEW advanced search
ID Title Version Release Date Edit Date
112717 Multiple Vulnerabilities in DNSMASQ (CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496, CVE-2017-13704, CVE-2015-3294) 1 November 27, 2017 November 27, 2017
101717 Multiple Vulnerabilities discovered in RSA key generation within Infineon TPM 1 October 17, 2017 October 17, 2017
101617 Multiple Vulnerabilities discovered in 4-way handshake of WPA2 protocols - (KRACK: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) 1.12 October 16, 2017 December 21, 2017
092917 Authenticated Root Command Injection Vulnerabilities in Web-GUI of Ruckus Zone Director Controller and Unleashed APs (CVE-2017-6223, CVE-2017-6224) 1 September 29, 2017 September 29, 2017
072817 Vulnerabilities updates for RC4(CVE-2013-2566, CVE-2015-2808), SWEET32 (CVE-2016-2183) and SSL certificate signed using weak hashing algorithm (CVE-2004-2761) 1 July 28, 2017 July 28, 2017
062117 Vulnerabilities in Web GUI Interface on Ruckus Unmanaged-APs – CVE-2016-1000213, CVE-2016-1000214, CVE-2016-1000215, CVE-2016-1000216 1 June 21, 2017 June 21, 2017
030117 Vulnerabilities in Dropbear SSH – CVE-2016-7406, CVE-2016-7407, CVE- 2016-2408, CVE-2016-2409 1 March 01, 2017 March 01, 2017
022717 Vulnerabilities in OpenSSL – CVE-2017-3730, CVE-2017-3731, CVE-2017- 3732, CVE-2016-6304, CVE-2016-6305 1 February 27, 2017 February 27, 2017
111116 Linux Kernel Local Privilege Escalation "Dirty Cow" - CVE-2016-5195 1 November 11, 2016 November 11, 2016
081516 Linux TCP Flaw - CVE-2016-5696 1 August 15, 2016 August 15, 2016
080216 Vulnerabilities in WebGUI Interface on Ruckus Unmanaged-APs 1 August 02, 2016 August 02, 2016
071216 Vulnerabilities in OpenSSL and Related Updates - CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176 1 July 12, 2016 July 12, 2016
051616 Vulnerabilities in OpenSSL and Related Updates - CVE-2016-0800, CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, CVE-2016-0703, CVE-2016-0704 1 May 16, 2016 May 16, 2016
022916 Vulnerabilities in Linux GNU C (libc) Distributions - CVE-2015-7547 1 February 29, 2016 February 29, 2016
123015 Vulnerabilities in OpenSSL Distributions - CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196 1 December 30, 2015 December 30, 2015
090315 Vulnerabilities in OpenSSH Distributions - CVE-2015-5600, CVE-2015-6563, CVE-2015-6564 1 September 03, 2015 September 03, 2015
081215 SSH Login Vulnerability - CVE-2012-1493 1 August 12, 2015 August 12, 2015
072115 X509_verify_cert function vulnerability in OpenSSL - CVE-2015-1793 1 July 21, 2015 July 21, 2015
071715 Packet Injection Vulnerability on 802.11n MAC Frame Aggregation 1 July 17, 2015 July 17, 2015
070815 Logjam vulnerability against Diffie-Hellman Key Exchange with TLS Protocol - CVE-2015-0291 1 July 08, 2015 July 08, 2015
020215 glibc library vulnerability (commonly referred as ‘Ghost’) - CVE-2015-0235 1 February 02, 2015 February 02, 2015
123114 Network Time Protocol (NTP) vulnerability - CVE-2014-9295 1 December 31, 2014 December 31, 2014
111414 POODLE SSLv3 vulnerability - CVE-2014-3566 1 November 14, 2014 November 14, 2014
092914 GNU Bash vulnerability - CVE-2014-6271 and CVE-2014-7169 2 September 29, 2014 October 08, 2014
070714 OpenSSL 0.9.8, 1.0.0 & 1.0.1 library's vulnerability - CVE-2014-0224 1 July 07, 2014 July 07, 2014
041414 OpenSSL 1.0.1 library’s “Heart bleed” vulnerability — CVE-2014-0160 1 April 14, 2014 April 14, 2014
10282013 User authentication bypass vulnerability in Ruckus Access Point’s administrative web interface 1 October 28, 2013 October 28, 2013
111113-2 Authenticated persistent cross site scripting vulnerability in guest pass provisioning web interface on ZoneDirector controllers 1 September 09, 2013 September 09, 2013
111113-1 Authenticated code injection vulnerability in ZoneDirector administrative web interface 1 September 09, 2013 September 09, 2013
031813-2 User authentication bypass vulnerability in ZoneDirector administrative web interface 1 March 25, 2013 March 25, 2013

Working...Please wait

This is here to prevent you from accidentally submitting twice.

The page will automatically refresh.

Alert!!

Close