Support

Security

The Ruckus Product Security Team is responsible for researching, analyzing and responding to security incident reports related to Ruckus products. This team is the first point of contact for all security incident reports and works directly with Ruckus customers, security researchers, government organizations, consultants, industry security organizations, and other vendors to identify security issues with Ruckus products. This team is also responsible for publishing security advisories and communicating with outside entities regarding mitigation steps for addressing particular security issues with Ruckus products.

Reporting a Security Issue to Ruckus

Ruckus encourages individuals and organizations to report all Ruckus-related product related vulnerabilities and security issues directly to Ruckus via our email alias: security@ruckuswireless.com.

A link to the Ruckus Security Incident Response Policy is available here.

Please provide a detailed description of the issue along with sufficient information to reasonably enable Ruckus to reproduce the issue. Please also include a technical contact, list of Ruckus products affected and any other helpful information such as logs and console messages etc.

If you are a currently experiencing a network outage or need help configuring a security feature, please contact Ruckus via any of the contact methods listed at https://support.ruckuswireless.com/contact-us

Ruckus highly recommends protecting the email communication with the PGP key below for encrypting any sensitive information sent to Ruckus.

PGP Key Info:

Key fingerprint: E10F 219D 7AF9 D487 E817 7FED 6583 B91F 8396 D9DF
Key size: 2048-bit
Key ID: 0x 6583B91F8396D9DF
UserID: Ruckus Product Security Team (security@ruckuswireless.com)

PGP Key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)

mQENBFFHVZ0BCACegLjUNyWwXHFVPqY0IEF/MCOAWoVEhL4sS6TS+v1Dqti6fkXv
TrHU8XxXB9apA3yIlVTkvTgMb+To1c2jMMrP1j6mU2t2mgnBtY0DHWQUaK3vSHAe
fO+QLLw3TIyTIdbhbo+fQIxkINTpo84wvtLGZ8zijoNRAovILIfysxhN9/EWNyId
68HdHbbcOiRvh50YYxpLUZdA8vzqhxQo9XvnebDq5WqmpQfP8N7/qh+zM1MfCJaC
3XKthA6yREJVSQ5FGn3vQd/3MgZCEbiRenh4+h8qVkSN1EmvoJhlTYv5wrMTHixs
4B8hfiWMeinlM4jzJYq8CCCSaUIngi3LXQr3ABEBAAG0OlJ1Y2t1cyBQcm9kdWN0
IFNlY3VyaXR5IFRlYW0gPHNlY3VyaXR5QHJ1Y2t1c3dpcmVsZXNzLmNvbT6JAT8E
EwECACkFAlFHVZ0CGy8FCS0kvQAHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAK
CRBlg7kfg5bZ31C5CACUzRxdUk45Lf2iwQHwxT8atlEBfIsOQi3tA5LgAPj/Z3xL
BXolO+XGaU5AU7t1iVhCY1Wp1SFPO4rIE+rEmEwB509AiD/dbIOqBsD9UlDrRvPx
od/ol//3CwBlFHiSspsT8VcO5MEXOUHiCgTg561llXPczhrm1zpvw3536+tlB6sG
PEhnecR8FrXuQEEOsEi8s2t+6wWCq7G6n8UYiccjUnvZNbWwuGyOqUHj6GEo1hjo
xZfJWuIEyJD0L/wWoWalGuBl3gEMpYzplaTzWgUYkhd5rt1Q5TdsR5lJtfyaLsEL
SDjT+XmKt0UMttvnXR05kBXiOzDO3+zp4bTnxN5OuQENBFFHVZ0BCADPhOszuhOw
DORsJhLngKMza3yW/ZVG6Izn9AeXwGab8xxjKUFbp/67J9YBwmR4Mh3oGKDAn1Q+
sH8FVSfkR7som1q/JJxsopdOzidK8OoLV9gM+T2RLTTQ1Y2OveWBKn0uiR9N4ca8
jBU3B0+uSq+E2zKwzEqs/ZsxCRg2N9kShCoi2aEECjk+sfrvItR8zt6zlvzlhQ72
6vYiqQlHKAG8itLjhtjeA8ny0vbor1v23sk0x1rYh1w9ZcH9toz0AdIm2m+/SSr3
3mLzlSw01NjdvzGsEFF7q2bHOnpWgoTaraX4/GuzWVQofqS6yBeZ2ZKakF0CTfaU
Ibjxz+dn+8NnABEBAAGJAkQEGAECAA8FAlFHVZ0CGy4FCS0kvQABKQkQZYO5H4OW
2d/AXSAEGQECAAYFAlFHVZ0ACgkQUfqDlEurOHVsqggArENdxumaqGu8m5+/7cRa
zthuFmysHBehz6zIB7rx/4OQ02daJ/zZBlWN3SKVCLDBk1D+AcXO7uFBZl+lzT8k
rr8e0152BL0ja1w1oQaw/BM7eHWD2M0dSSo11M1O4V7E/Z+g3YewN17U94LnhwKr
kvxXiZzxgUxjQSzWnecWhK+tX2ZdBUh8n6Fk8ffUPw5xY73ic2glpMtPiQbXMJe/
ecFwUDt7H1rF5R19DW6pHxGiSaKt4z23T6Hx/2S88w2sbuIxUU1dIjS2bWT5t1eh
NEAcAh3LIt3Pkbo5M9JtNCPA6iCKufvC/1ULnS5+eM31yO9e8IRxsRsdy5Du6Fxn
ZK21B/95orfceSkRjehhkfXo37a5OkhwIDq7wntstIZdwzkZJUt9FEGAYV5Sdo6f
+yyufm9j3vkMPZCitu0zT2u6O6a6W/OE8eKHCY/Jpa1cw+xnIa1jSjPCnksZR1rr
bFjOOiJmEGGEJdkhKZc4p5cPZqDLSqAmDm9tCNB+P/XVhQtRxrZG3tahl6SUAemn
qaB8XWE/9OkiWJzpQcxSJ5hGsAYdhBF/C+I34VnZZDOzOB6V1WAGdCP3KIWu143X
Gm6dwXYFF8yifwgha1EHl04xa8TK6Ce94AJEvxpbU87Y9tk531vEa5Z0kJXmo1/c
sZ1wMS4xabVwPyLmja/zGsxxAOok
=nDGu
-----END PGP PUBLIC KEY BLOCK-----
  

The PGP Key is also available for download here.
Download our X.509 certificate for communicating securely over email.

Security Bulletins

ID Title Version Release Date Edit Date FAQ
031813-1 Unauthenticated TCP tunneling on Ruckus devices via SSH server process 1 March 25, 2013 March 25, 2013 Download FAQ PDF
031813-2 User authentication bypass vulnerability in ZoneDirector administrative web interface 1 March 25, 2013 March 25, 2013 Download FAQ PDF
111113-1 Authenticated code injection vulnerability in ZoneDirector administrative web interface 1 September 09, 2013 September 09, 2013 Download FAQ PDF
111113-2 Authenticated persistent cross site scripting vulnerability in guest pass provisioning web interface on ZoneDirector controllers 1 September 09, 2013 September 09, 2013 Download FAQ PDF
10282013 User authentication bypass vulnerability in Ruckus Access Point’s administrative web interface 1 October 28, 2013 October 28, 2013 Download FAQ PDF
041414 OpenSSL 1.0.1 library’s “Heart bleed” vulnerability — CVE-2014-0160 1 April 14, 2014 April 14, 2014 Download FAQ PDF
070714 OpenSSL 0.9.8, 1.0.0 & 1.0.1 library's vulnerability - CVE-2014-0224 1 July 7, 2014 July 7, 2014 Download FAQ PDF
092914 GNU Bash vulnerability - CVE-2014-6271 and CVE-2014-7169 2 September 29, 2014 October 8, 2014 Download FAQ PDF