Multiple critical vulnerabilities have been discovered in Ruckus Wireless’ Virtual SmartZone (vSZ) and Network Director (RND), posing a serious threat to the security of wireless environments in schools, hospitals, smart cities, and enterprise networks. The flaws—ranging from hardcoded credentials and authentication bypass to unauthenticated remote code execution (RCE)—could allow full compromise of the affected systems.
“These issues may allow full compromise of the environments managed by the affected software,” CERT/CC warns in its disclosure.
Key Vulnerabilities
Here are some of the most severe CVEs reported:
- CVE-2025-44954: Unauthenticated RCE via SSH. “Anyone with a Ruckus device would also have this private key and be able to ssh… with root-level permissions.”
- CVE-2025-44957: Authentication Bypass via Hardcoded JWT & API Keys. “Multiple secrets are hardcoded into the vSZ application… providing administrator-level access to anyone.”
- CVE-2025-44963: JWT Token Bypass on RND Web Server. Attackers with knowledge of a hardcoded secret can craft valid tokens and bypass all authentication on the web interface.
- CVE-2025-44955: Jailbreak with Hardcoded Password. “The jailbreak requires a weak password that is hardcoded into the environment.”
- CVE-2025-6243: Hardcoded SSH Keys in RND. A user named sshuser with root privileges has public and private keys stored on the device. If the private key leaks, the door is wide open.
CERT/CC cautions that attackers could chain multiple vulnerabilities to bypass protections:
“Multiple vulnerabilities can be chained to create chained attacks that can allow the attacker to combine attacks to bypass any security controls that prevent only specific attacks.”
In one example, an attacker with basic network access to a vSZ instance can exploit CVE-2025-44954 for unauthenticated SSH access and escalate to full administrative control.
What’s Affected
- Virtual SmartZone (vSZ): A wireless network controller for managing up to 10,000 Ruckus access points and 150,000 clients.
- Ruckus Network Director (RND): Used to centrally manage multiple vSZ clusters.
No Patch Available Yet
Perhaps most concerning is that no patch is currently available, and CERT/CC has not been able to get a response from Ruckus or its parent company.
“We recommend using these products only within isolated management networks accessible to trusted users,” CERT/CC noted.
Until a fix is released, organizations should:
- Isolate affected systems from general network access
- Restrict management access to trusted users over secure protocols (e.g., HTTPS, SSH)
- Monitor for unauthorized access or privilege escalation
- Review firewall rules to minimize exposure
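The third item above, monitoring for unauthorized access, is the one that can be made concrete while no patch exists. The script below is an added example, not code from CERT/CC or Ruckus: it scans OpenSSH-style sshd log lines and raises an alert whenever one of the accounts the advisory ties to embedded keys (root on vSZ, sshuser on RND) logs in from outside the isolated management network, or logs in with a key fingerprint that is not on the operator's own allowlist. The log lines, the management network range and the fingerprint allowlist are constructed placeholders to be replaced with your own values.

```python
"""Flag SSH logins to accounts exposed by the hardcoded-key issues above.

Added example, not from the advisory or the vendor. Assumes OpenSSH-style
"Accepted ..." lines in sshd logs. Sample log lines, the management network
range and the fingerprint allowlist are constructed placeholders.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Accounts the advisory reports as carrying root-level SSH access via keys
# shipped with the product: root on vSZ (CVE-2025-44954), sshuser on RND (CVE-2025-6243).
WATCHED_ACCOUNTS = {"root", "sshuser"}

# Placeholder for the isolated management network CERT/CC recommends.
MANAGEMENT_NET = ipaddress.ip_network("10.10.0.0/24")

# Placeholder allowlist: fingerprints of keys the operator deployed deliberately.
# Any other key used on a watched account may be the vendor-embedded one.
KNOWN_ADMIN_FINGERPRINTS = {"SHA256:CONSTRUCTEDKEY1"}

# Matches e.g. "Accepted publickey for root from 10.10.0.5 port 51234 ssh2: RSA SHA256:..."
ACCEPTED_RE = re.compile(
    r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>[\d.]+) port \d+ ssh2"
    r"(?:: (?P<keytype>\S+) (?P<fingerprint>\S+))?"
)


@dataclass
class Alert:
    user: str
    source: str
    method: str
    fingerprint: Optional[str]
    reason: str


def analyse(lines: List[str]) -> List[Alert]:
    """Return one Alert per successful login that violates the policy."""
    alerts: List[Alert] = []
    for line in lines:
        m = ACCEPTED_RE.search(line)
        if not m:
            continue  # failed attempts and unrelated lines are ignored here
        user, ip, method, fp = m["user"], m["ip"], m["method"], m["fingerprint"]
        if user not in WATCHED_ACCOUNTS:
            continue
        src = ipaddress.ip_address(ip)
        if src not in MANAGEMENT_NET:
            alerts.append(Alert(user, ip, method, fp,
                                "watched account login from outside management network"))
        elif method == "publickey" and fp not in KNOWN_ADMIN_FINGERPRINTS:
            alerts.append(Alert(user, ip, method, fp,
                                "key not in operator allowlist; may be the vendor-embedded key"))
    return alerts


# Constructed sample log lines (not real captures).
SAMPLE_LOG = [
    "Jul  8 09:12:01 vsz sshd[2231]: Accepted publickey for root from 203.0.113.17 port 51234 ssh2: RSA SHA256:CONSTRUCTEDKEY1",
    "Jul  8 09:13:44 vsz sshd[2240]: Accepted password for admin from 10.10.0.5 port 51240 ssh2",
    "Jul  8 09:15:02 rnd sshd[1182]: Accepted publickey for sshuser from 10.10.0.9 port 44010 ssh2: ED25519 SHA256:CONSTRUCTEDKEY2",
    "Jul  8 09:16:10 vsz sshd[2255]: Failed password for root from 203.0.113.17 port 51260 ssh2",
    "Jul  8 09:18:30 vsz sshd[2261]: Accepted publickey for root from 10.10.0.5 port 51270 ssh2: RSA SHA256:CONSTRUCTEDKEY1",
]

if __name__ == "__main__":
    for a in analyse(SAMPLE_LOG):
        print(f"ALERT {a.user}@{a.source} via {a.method} ({a.fingerprint}): {a.reason}")
```

On the sample input the script produces two alerts: the root login from 203.0.113.17 (outside the management range) and the sshuser login with a fingerprint that is not on the allowlist; the allowlisted root login from inside the range and the admin password login are left alone. Because the vendor-embedded key cannot be rotated until a fix ships, the allowlist approach (flag every key you did not place yourself) is more robust than trying to blocklist the leaked key.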