Commscope Ruckus Smartzone Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Commscope Ruckus Smartzone Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2025-44961 — CVSS 9.9 (critical): In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated…
CVE-2025-44954 — CVSS 9.0 (critical): RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account.
CVE-2025-44957 — CVSS 8.5 (high): Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers.
CVE-2025-44960 — CVSS 8.5 (high): RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route.