Ruckus Smartzone CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (7 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-25717	2 Commscope, Ruckuswireless	61 Ruckus Smartzone Firmware, E510, H320 and 58 more	2025-08-22	9.8 Critical
Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.
CVE-2023-49225	2 Commscope, Ruckuswireless	74 Ruckus Smartzone, C110, C110 Firmware and 71 more	2025-08-22	6.1 Medium
A cross-site-scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in the product. As for the affected products/models/versions, see the information provided by the vendor listed under [References] section or the list under [Product Status] section.
CVE-2025-44962	2 Commscope, Ruckus	32 Ruckus C110, Ruckus E510, Ruckus H320 and 29 more	2025-08-07	5 Medium
RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files.
CVE-2025-44961	1 Commscope	31 Ruckus C110, Ruckus E510, Ruckus H320 and 28 more	2025-08-07	9.9 Critical
In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user.
CVE-2025-44960	2 Commscope, Ruckus	32 Ruckus C110, Ruckus E510, Ruckus H320 and 29 more	2025-08-07	8.5 High
RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route.
CVE-2025-44957	2 Commscope, Ruckus	32 Ruckus C110, Ruckus E510, Ruckus H320 and 29 more	2025-08-07	8.5 High
Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers.
CVE-2025-44954	2 Commscope, Ruckus	31 Ruckus C110, Ruckus E510, Ruckus H320 and 28 more	2025-08-07	9 Critical
RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account.

Page 1 of 1.