Ruckus Unleashed CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (4 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2021-4474	2 Ruckus, Ruckuswireless	8 Ruckus Unleashed, Smartzone 100-d (sz100-d) (eol), Smartzone 100 (sz-100) (eol) and 5 more	2026-03-27	4.9 Medium
Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line interface that allows authenticated remote attackers with administrative privileges to read arbitrary files from the underlying filesystem. Attackers can exploit this vulnerability to access sensitive information including configuration files, credentials, and system data stored on the device.
CVE-2025-63735	2 Ruckus, Ruckuswireless	2 Unleashed, Ruckus Unleashed	2026-01-09	6.1 Medium
A reflected Cross site scripting (XSS) vulnerability in Ruckus Unleashed 200.13.6.1.319 via the name parameter to the the captive-portal endpoint selfguestpass/guestAccessSubmit.jsp.
CVE-2025-46123	3 Commscope, Ruckus, Ruckuswireless	44 Ruckus C110, Ruckus E510, Ruckus H320 and 41 more	2025-08-05	7.2 High
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where the authenticated configuration endpoint `/admin/_conf.jsp` writes the Wi-Fi guest password to memory with snprintf using the attacker-supplied value as the format string; a crafted password therefore triggers uncontrolled format-string processing and enables remote code execution on the controller.
CVE-2025-46118	3 Commscope, Ruckus, Ruckuswireless	44 Ruckus C110, Ruckus E510, Ruckus H320 and 41 more	2025-08-05	5.3 Medium
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279, where hard-coded credentials for the ftpuser account provide FTP access to the controller, enabling a remote attacker to upload or retrieve arbitrary files from writable firmware directories and thereby expose sensitive information or compromise the controller.

Page 1 of 1.