Ruckus Wireless Virtual SmartZone (vSZ) and Network Director (RND) products are affected by multiple vulnerabilities that could allow attackers to compromise managed environments.
Ruckus Wireless, now Ruckus Networks, is a provider of networking devices for venues with internet-connected systems, including hospitals, schools, and smart cities.
The company’s vSZ control software supports the management of large-scale networks – up to 10,000 Ruckus access points – while RND allows the management of multiple vSZ clusters.
A fresh alert from Carnegie Mellon University’s CERT Coordination Center (CERT/CC) draws attention to nine flaws that Claroty Team82 discovered in the two appliances, which could lead to authentication bypass, arbitrary file reads, and remote code execution (RCE).
The vSZ application contains multiple hardcoded secrets, including JWT Signing Key and API keys, which could allow attackers to access the appliance with high privileges. The issue is tracked as CVE-2025-44957.
“Using HTTP headers and a valid API key, it is possible to logically bypass the authentication methods, providing administrator-level access to anyone that does this,” CERT/CC’s advisory reads.
Another bug in vSZ, tracked as CVE-2025-44962, could allow authenticated users to traverse directory paths and read sensitive files.
Additionally, vSZ stores default public and private RSA keys for a built-in user with root privileges in the user’s SSH directory (CVE-2025-44954), providing anyone with knowledge of the keys with root-level permissions via SSH, which could potentially lead to unauthenticated RCE.
Two other RCE vulnerabilities in vSZ exist due to the lack of sanitization of a user-controlled parameter in an API route (CVE-2025-44960) and the lack of sanitization of a user-supplied IP address as an argument, which could be a command instead of the IP address (CVE-2025-44961).
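The IP-address flaw described above (CVE-2025-44961) comes down to a caller-supplied string reaching a command without being checked as an address. As an added example, not Ruckus code and not part of the original article, this Python sketch shows one way to validate such an argument and pass it on without a shell; the `ping` invocation and all function names are assumptions for illustration.

```python
import ipaddress
import subprocess

PING = "ping"  # assumption: stand-in for whatever diagnostic tool receives the address


def parse_ip_argument(value: str) -> str:
    """Return the canonical form of one IPv4/IPv6 address, else raise ValueError."""
    if not isinstance(value, str) or len(value) > 45:
        raise ValueError("not an IP address")
    # IPv6 zone IDs ("fe80::1%eth0") are accepted by ipaddress on Python 3.9+
    # and the zone part is free-form text, so refuse them outright.
    if "%" in value:
        raise ValueError("zone IDs are not accepted")
    # ip_address() rejects whitespace, separators, option-like strings, etc.
    addr = ipaddress.ip_address(value)
    # Hand on the parser's own rendering, never the caller's raw string.
    return addr.compressed


def build_ping_argv(value: str) -> list:
    """Build an argument vector; "--" stops option parsing before the address."""
    return [PING, "-c", "1", "--", parse_ip_argument(value)]


def run_ping(value: str) -> int:
    """Run the tool with no shell, so the address is only ever one argv entry."""
    return subprocess.run(build_ping_argv(value), shell=False, timeout=5,
                          stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL).returncode


def is_rejected(value: str) -> bool:
    try:
        parse_ip_argument(value)
    except ValueError:
        return True
    return False


# Constructed sample inputs: two valid addresses and several non-addresses.
SAMPLES = ["192.0.2.10", "2001:0db8::0001", "192.0.2.10; id", "$(id)",
           "-h", "fe80::1%eth0", "192.0.2.10\n", ""]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "rejected" if is_rejected(s) else build_ping_argv(s))
```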
RND too was found to use hardcoded secrets, including a JWT token, for the backend web server, thus allowing attackers to create a valid JWT, bypass authentication, and access the server with admin privileges. The flaw is tracked as CVE-2025-4496.
Additionally, RND was found to contain a built-in jailbreak for a jailed environment that supports device configuration without shell access to the underlying OS. A hardcoded password, tracked as CVE-2025-44955, provides access to the server with root privileges.
The RND platform also contains hardcoded SSH keys (CVE-2025-6243) for the built-in account ‘sshuser’, which has root privileges, and uses a hardcoded weak secret key (CVE-2025-44958) to encrypt passwords, while returning the passwords in plaintext.
“Impact of these vulnerabilities vary from information leakage to total compromise of the wireless environment managed by the affected products. […] Multiple vulnerabilities can be chained to create chained attacks that can allow the attacker to combine attacks to bypass any security controls that prevent only specific attacks,” CERT/CC notes.
According to CERT/CC, its attempts to contact Ruckus Wireless or its parent company Commscope have remained unanswered and no patches are available for these vulnerabilities. Users should limit access to the vulnerable products and contain them within isolated management networks.
SecurityWeek has emailed Commscope for a statement on these vulnerabilities and will update the article if the company responds.