Multiple vulnerabilities that remain unpatched in Ruckus Wireless management products could be exploited to fully compromise the network environment they serve. Ruckus vSZ is a centralized wireless network controller that can manage tens of thousands of Ruckus access points and clients, allowing configuration, monitoring, and controlling large-scale WiFi deployments. With no patches available and no clear information on when they might be released, administrators with Ruckus vSZ and RND on their network are recommended to limit access to Ruckus management interfaces to isolated, trusted networks and enforce access over secure protocols only. The issues affect Ruckus Wireless Virtual SmartZone (vSZ) and Ruckus Network Director (RND), and range from uauthenticated remote code execution to hardcoded passwords or SSH public and private keys. Neither CERT/CC nor Moshe were able to contact Ruckus Wireless (now Ruckus Networks) or its parent company, CommScope, about the security problems, which remain unfixed at the time of publishing. "[The] impact of these vulnerabilities varies from information leakage to total compromise of the wireless environment managed by the affected products," reads the bulletin. Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. The vulnerabilities were reported to Carnegie Mellon University’s CERT Coordination Center (CERT/CC) by Noam Moshe, a member of Team82, Claroty's research division. BleepingComputer attempted to contact Ruckus via multiple communication channels, but we were unable to reach out.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 09 Jul 2025 15:45:14 +0000