Critical Ruckus Wireless Vulnerabilities Exposes Enterprise Wireless Networks

Multiple critical security vulnerabilities have been identified in Ruckus Wireless management products, putting enterprise wireless networks at severe risk of compromise.

The vulnerabilities affect Virtual SmartZone (vSZ) and Network Director (RND) platforms, which manage large-scale wireless deployments across schools, hospitals, multi-tenant residences, and smart cities.

With no vendor patches currently available, security researchers are urging organizations to implement immediate mitigation strategies to protect their wireless infrastructure.

Security researchers from Claroty Team82 have uncovered nine distinct vulnerabilities in Ruckus Wireless products, with severity levels ranging from authentication bypass to unauthenticated remote code execution:

• CVE-2025-44954 – Hardcoded default SSH keys allowing unauthenticated attackers to gain root-level access to vSZ systems through a built-in user account with administrator privileges and predictable RSA keys.
  
• CVE-2025-44957 – Hardcoded secrets including JWT signing keys and API credentials, enabling attackers to bypass authentication mechanisms and gain administrator access.
  
• CVE-2025-44962 – Authenticated arbitrary file read vulnerability allowing path traversal attacks to access sensitive system files through directory manipulation techniques.
  
• CVE-2025-44960 – Remote code execution vulnerability through improper input sanitization in API routes.
  
• CVE-2025-44961 – Remote code execution vulnerability via command injection, enabling attackers to execute malicious commands on compromised systems.
  
• CVE-2025-44963 – Hardcoded JWT tokens in RND systems allowing authentication bypass.
  
• CVE-2025-44955 – Hardcoded weak passwords in RND jailed environments enabling privilege escalation.
  
• CVE-2025-6243 – Hardcoded SSH public keys for built-in users with root privileges.
  
• CVE-2025-44958 – Recoverable password storage using weak encryption, allowing credential decryption if systems are compromised.

These vulnerabilities enable attackers to execute malicious commands on compromised systems, potentially leading to complete system takeover and total compromise of wireless management environments.

Critical Ruckus Wireless Vulnerabilities

The discovered vulnerabilities create catastrophic risk scenarios for organizations relying on Ruckus Wireless infrastructure.

Virtual SmartZone platforms, capable of managing up to 10,000 access points and 150,000 connected clients, become completely vulnerable to network-based attacks.

Successful exploitation could result in total compromise of wireless management environments, affecting entire organizational networks.

Ruckus Network Director (RND) faces equally severe risks through vulnerabilities CVE-2025-44963, CVE-2025-44955, and CVE-2025-6243.

These vulnerabilities involve hardcoded JWT tokens, weak passwords in jailed environments, and predictable SSH keys that grant root-level access.

The combination of these vulnerabilities enables attack chaining, where multiple exploits can be combined to bypass security controls systematically.

The CVE-2025-44958 vulnerability compounds these risks by storing passwords in recoverable formats using weak encryption keys.

Mitigations

Currently, no official patches have been released by Ruckus Wireless or parent company CommScope to address these vulnerabilities.

CERT/CC has been unable to establish communication with the vendor regarding response timelines or remediation plans. This absence of vendor communication has prompted security researchers to recommend immediate defensive measures.

Organizations should implement network segmentation to isolate wireless management environments from broader network infrastructure.

Access to vSZ and RND platforms should be restricted to trusted administrators through secure protocols like HTTPS and SSH.

Additionally, implementing strong authentication controls and network access controls can limit potential attack vectors.

Security teams should monitor these platforms for unusual activity and consider deploying additional security layers such as intrusion detection systems specifically configured for wireless management traffic.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.