This page lists publicly disclosed CVE vulnerabilities affecting commscope ruckus_smartzone_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-44962 | RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files. | [email protected] | 5.0 | 0.69% | 2025-08-04 | 2026-06-17 |
| CVE-2025-44961 | In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user. | [email protected] | 9.9 | 2.04% | 2025-08-04 | 2026-06-17 |
| CVE-2025-44960 | RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route. | [email protected] | 8.5 | 1.82% | 2025-08-04 | 2026-06-17 |
| CVE-2025-44957 | Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers. | [email protected] | 8.5 | 0.89% | 2025-08-04 | 2026-06-17 |
| CVE-2025-44954 | RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account. | [email protected] | 9.0 | 0.68% | 2025-08-04 | 2026-06-17 |
| CVE-2023-25717 KEV | Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring. | [email protected] | 9.8 | 95.33% | 2023-02-13 | 2026-06-17 |