Multiple vulnerabilities that remain unpatched in Ruckus Wireless management products could be exploited to fully compromise the network environment they serve.
The issues affect Ruckus Wireless Virtual SmartZone (vSZ) and Ruckus Network Director (RND), and range from uauthenticated remote code execution to hardcoded passwords or SSH public and private keys.
Ruckus vSZ is a centralized wireless network controller that can manage tens of thousands of Ruckus access points and clients, allowing configuration, monitoring, and controlling large-scale WiFi deployments. Ruckus RND is a management tool for vSZ clusters.
The two products are typically used by large organizations and public entities in need of scalable and robust WiFi infrastructure.
The vulnerabilities were reported to Carnegie Mellon University’s CERT Coordination Center (CERT/CC) by Noam Moshe, a member of Team82, Claroty's research division.
Neither CERT/CC nor Moshe were able to contact Ruckus Wireless (now Ruckus Networks) or its parent company, CommScope, about the security problems, which remain unfixed at the time of publishing.
The problems impacting the two Ruckus Networks products received identifiers and are described as follows:
CVE-2025-44957 – hardcoded secrets in vSZ that allow bypassing authentication and admin-level access using crafted HTTP headers and valid API keys
– hardcoded secrets in vSZ that allow bypassing authentication and admin-level access using crafted HTTP headers and valid API keys CVE-2025-44962 – path traversal in vSZ that allows arbitrary file reads for authenticated users
– path traversal in vSZ that allows arbitrary file reads for authenticated users CVE-2025-44954 – vSZ has hardcoded default public/private SSH keys that allows anyone to connect to vulnerable devices with root access
... continue reading