Commscope Ruckus Network Director — known CVE vulnerabilities
Every CVE whose affected-product data names Commscope Ruckus Network Director, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2025-44961 — CVSS 9.9 (critical): In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated…
CVE-2025-67305 — CVSS 9.8 (critical): In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical…
CVE-2025-67304 — CVSS 9.8 (critical): In Ruckus Network Director (RND) < 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In…
CVE-2025-44963 — CVSS 9.0 (critical): RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain…
CVE-2025-44955 — CVSS 8.8 (high): RUCKUS Network Director (RND) before 4.5 allows jailed users to obtain root access vis a weak, hardcoded password.
CVE-2025-44960 — CVSS 8.5 (high): RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route.
CVE-2025-44957 — CVSS 8.5 (high): Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers.