CVE-2025-44963

Critical CVSS: 9.0

RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key.

Vendor

Commscope

Product

Ruckus Network Director

CWE

CWE-321

Yayın Tarihi

2025-08-04 17:15:30

Güncelleme

2025-11-03 20:19:04

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-321 Ruckus Network Director CRITICAL Commscope 2025

Referanslar

https://claroty.com/team82/disclosure-dashboard/cve-2025-44963 https://kb.cert.org/vuls/id/613753 https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+20250710/225f44ac3bd311f095821adcaa92e24e https://www.kb.cert.org/vuls/id/613753

Benzer Kayıtlar

Critical

CVE-2025-67305

In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These…

Critical

CVE-2025-67304

In Ruckus Network Director (RND) < 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL…

High

CVE-2025-44960

RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route.

Critical

CVE-2025-44961

In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided b…

Medium

CVE-2025-44962

RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files.

Critical

CVE-2025-44954

RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account.