CVE-2025-44961

Critical CVSS: 9.9

In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user.

Vendor

Product

CWE

Yayın Tarihi

2025-08-04 17:15:30

Güncelleme

2025-11-03 20:19:04

Source Identifier

cve@mitre.org

KEV Date Added

CWE-78 Ruckus Smartzone Firmware CRITICAL Commscope 2025

https://claroty.com/team82/disclosure-dashboard/cve-2025-44961 https://kb.cert.org/vuls/id/613753 https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+20250710/225f44ac3bd311f095821adcaa92e24e https://www.kb.cert.org/vuls/id/613753

Critical

CVE-2025-67305

In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These…

Critical

CVE-2025-67304

In Ruckus Network Director (RND) < 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL…

High

CVE-2025-44960

RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route.

Medium

CVE-2025-44962

RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files.

Critical

CVE-2025-44963

RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded…

Critical

CVE-2025-44954

RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account.