Security researchers have uncovered nine vulnerabilities in Ruckus Networks' widely used Wi-Fi management platforms: Virtual SmartZone (vSZ) and Ruckus Network Director (RND).
Despite repeated outreach attempts by researchers and CERT/CC, Ruckus and its parent company CommScope have not responded, leaving organizations exposed to potential full compromise of their wireless infrastructure.
These products are widely used to manage large-scale wireless deployments in schools, hospitals, smart cities, and enterprise environments.
The issues range from unauthenticated remote code execution (RCE) to hardcoded credentials, authentication bypass, and weak encryption. Threat actors could exploit these flaws to:
- Gain root-level access to management devices
- Bypass authentication using hardcoded JWT tokens and API keys
- Read sensitive files via path traversal
- Execute arbitrary OS commands through unsanitized API inputs
- Recover plaintext passwords encrypted with weak, hardcoded keys
One of the most critical issues, CVE-2025-44954, allows unauthenticated SSH access using default public/private keys embedded in the vSZ software. Anyone with access to these keys can log in as root.
The vulnerabilities could also be chained together, granting threat actors full administrative control of affected devices.
As of July 10, 2025, no official fixes, security advisories, or updates have been published.
Analyst notes:
To reduce exposure to the Ruckus vulnerabilities, immediately disconnect all Ruckus vSZ and RND management interfaces from internet-facing networks and ensure they’re only accessible from trusted internal segments.
Use strong, unique credentials for every account, disable default keys, and restrict access to administrative interfaces through secure protocols like HTTPS and SSH.
Meanwhile, monitor logs for suspicious activity and consider migrating to alternative systems if patches remain unavailable.