Security
Report a potential issue: [email protected]
The Ruckus Product Security Team is responsible for researching, analyzing and responding to security incident reports related to Ruckus products. This team is the first point of contact for all security incident reports and works directly with Ruckus customers, security researchers, government organizations, consultants, industry security organizations, and other vendors to identify security issues with Ruckus products. This team is also responsible for publishing security advisories and communicating with outside entities regarding mitigation steps for addressing particular security issues with Ruckus products.
Reporting a Security Issue to Ruckus
Ruckus encourages individuals and organizations to report all Ruckus-related product related vulnerabilities and security issues directly to Ruckus via our email alias: [email protected].
A link to the Ruckus Security Incident Response Policy is available here.
Please provide a detailed description of the issue along with sufficient information to reasonably enable Ruckus to reproduce the issue. Please also include a technical contact, list of Ruckus products affected and any other helpful information such as logs and console messages etc.
If you are a currently experiencing a network outage or need help configuring a security feature, please contact Ruckus via any of the contact methods listed on our Contact page.
| ID | Title | Version | Release Date | Edit Date |
| 20180226 | XSS vulnerability in Ruckus ICX FastIron - (CVE-2013-6786) | 1 | February 26, 2018 | February 26, 2018 |
| 20180203 | Java JMX and RMI security vulnerabilities (CVE-2017-15708, CVE-2016-8735) | 1 | February 13, 2018 | February 13, 2018 |
| 20200205 | IoT Controller remote unauthenticated API execution vulnerability (CVE-2020-8005) | 1.0 | February 05, 2020 | February 05, 2020 |
| 20180815 | Linux Kernel TCP Reassembly Algorithm Remote DOS Vulnerability (CVE-2018-5390) | 1.3 | August 15, 2018 | January 16, 2019 |
| 20180516 | Ruckus SmartZone Sensitive Information Disclosure Vulnerability | 1.1 | May 16, 2018 | May 22, 2018 |
| 20180202 | Authenticated Root Command Injection Vulnerabilities in CLI of ZD/Unleashed APs and Web-GUI of Solo/SZ Managed APs (CVE02017-6229, CVE-2017-6230) | 1 | February 05, 2018 | February 05, 2018 |
| 20180116 | Intel Management Engine impersonation security vulnerabilities (CVE-2017-5711, CVE-2017-5712) | 1.0 | January 16, 2018 | January 16, 2018 |
| 20180105 | Spectre and Meltdown Vulnerabilities - (CVE-2017-5753 CVE-2017-5715 CVE-2017-5754) | 1.1 | January 05, 2018 | January 16, 2018 |
| 20200227 | DHCP Buffer Overflow in Logging Capability | 1.0 | February 27, 2020 | February 27, 2020 |
| 20200302 | Ruckus AP Image Upgrade Vulnerability | 1.0 | March 02, 2020 | March 02, 2020 |
| 20200304 | Wi-Fi Protected Network and Wi-Fi Protected Network 2 Info Disclosure Vulnerability - Kr00k | 1.0 | March 04, 2020 | March 04, 2020 |
| 20191224 | ZoneDirector and Unleashed Unauthenticated Remote Code Execution and Other Vulnerabilities | 1.5 | December 24, 2019 | June 12, 2020 |
| 20200615 | ZoneDirector and Unleashed Unauthenticated Remote Code Execution and Other Vulnerabilities - CVE-2020-13913, CVE-2020-13914, CVE-2020-13915, CVE-2020-13916, CVE-2020-13917, CVE-2020-13918, CVE-2020-13919 | 1.0 | June 15, 2020 | June 15, 2020 |
| 20210108 | RUCKUS AP Arbitrary File Read Vulnerability | 1.0 | January 08, 2021 | January 08, 2021 |
| 20210114 | Ruckus AP LLDP Vulnerability (CVE-2015-8011, CVE-2015-8012) | 1.0 | January 14, 2021 | January 14, 2021 |
| 20210409 | RUCKUS SmartZone Information Disclosure Vulnerability | 1.0 | April 09, 2021 | April 09, 2021 |
| 20210525 | Multiple Vulnerabilities in RUCKUS IoT Controller (CVE-2021-33221, CVE- 2021-33220, CVE-2021-33219, CVE-2021-33218, CVE-2021-33217, CVE-2021- 33216, and CVE-2021-33215) | 1.0 | May 25, 2021 | May 25, 2021 |
| 20210719 | RUCKUS SmartZone Reflective Amplification Attack Vulnerability | 1.0 | July 19, 2021 | July 19, 2021 |
| 20210511 | RUCKUS AP Aggregation And Fragmentation Attacks Vulnerability (aka “FragAttacks”) | 1.1 | May 11, 2021 | October 15, 2021 |
| 20211213 | CVE-2021-44228: Apache Log4j Vulnerability | 1.3 | December 13, 2021 | December 17, 2021 |
| 20221114 | CVE-2022-3602, CVE-2022-3786: OpenSSL Vulnerabilities | 1.2 | November 14, 2022 | November 18, 2022 |
| 20210129 | AP / ZD CLI Passphrase Vulnerability | 1.0 | January 29, 2021 | January 29, 2021 |
| 20230404 | CVE-2022-47522: Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues | 1.0 | April 04, 2023 | April 05, 2023 |
| 20230208 | CVE-2023-25717: RUCKUS AP Web Vulnerability (RCE/CSRF) | 1.2 | February 08, 2023 | May 18, 2023 |
| 20230731 | RUCKUS Unleashed Authenticated Remote Command Execution Vulnerability | 1.1 | July 31, 2023 | August 01, 2023 |
| 20230808 | CVE-2023-39904, CVE-2023-39905, CVE-2023-39906: ICX XSS and CSRF Vulnerability | 1.2 | August 08, 2023 | August 14, 2023 |
| 20201026 | Ruckus IoT Controller Remote Command Execution Vulnerability (CVE-2020-26878, CVE-2020-26879) | 1.1 | October 26, 2020 | September 11, 2023 |
| 20231016 | Cloudpath® Persistent XSS and CSRF Vulnerability | 1.1 | October 16, 2023 | November 28, 2023 |
| 20231128 | CVE-2023-49225: RUCKUS AP Stored Cross-Site Scripting Vulnerability | 1.0 | November 29, 2023 | November 29, 2023 |