The Ruckus Product Security Team is responsible for researching, analyzing and responding to security incident reports related to Ruckus products. This team is the first point of contact for all security incident reports and works directly with Ruckus customers, security researchers, government organizations, consultants, industry security organizations, and other vendors to identify security issues with Ruckus products. This team is also responsible for publishing security advisories and communicating with outside entities regarding mitigation steps for addressing particular security issues with Ruckus products.
Reporting a Security Issue to Ruckus
Ruckus encourages individuals and organizations to report all Ruckus-related product related vulnerabilities and security issues directly to Ruckus via our email alias: [email protected].
A link to the Ruckus Security Incident Response Policy is available here.
Please provide a detailed description of the issue along with sufficient information to reasonably enable Ruckus to reproduce the issue. Please also include a technical contact, list of Ruckus products affected and any other helpful information such as logs and console messages etc.
If you are a currently experiencing a network outage or need help configuring a security feature, please contact Ruckus via any of the contact methods listed at https://support.ruckuswireless.com/contact-us
Ruckus highly recommends protecting the email communication with the PGP key below for encrypting any sensitive information sent to Ruckus.
To send the confidential information always use PGP Keys only. Please ask for the key info an keys by sending email to [email protected].
Security Bulletins
| ID |
Title |
Version |
Release Date |
Edit Date |
FAQ |
| 062117 |
Vulnerabilities in Web GUI Interface on Ruckus Unmanaged-APs – CVE-2016-1000213, CVE-2016-1000214, CVE-2016-1000215, CVE-2016-1000216 |
1 |
June 21, 2017 |
June 21, 2017 |
Download FAQ PDF |
| 030117 |
Vulnerabilities in Dropbear SSH – CVE-2016-7406, CVE-2016-7407, CVE- 2016-2408, CVE-2016-2409 |
1 |
March 01, 2017 |
March 01, 2017 |
Download FAQ PDF |
| 022717 |
Vulnerabilities in OpenSSL – CVE-2017-3730, CVE-2017-3731, CVE-2017- 3732, CVE-2016-6304, CVE-2016-6305 |
1 |
February 27, 2017 |
February 27, 2017 |
Download FAQ PDF |
| 111116 |
Linux Kernel Local Privilege Escalation "Dirty Cow" - CVE-2016-5195 |
1 |
November 11, 2016 |
November 11, 2016 |
Download FAQ PDF |
| 081516 |
Linux TCP Flaw - CVE-2016-5696 |
1 |
August 15, 2016 |
August 15, 2016 |
Download FAQ PDF |
| 080216 |
Vulnerabilities in WebGUI Interface on Ruckus Unmanaged-APs |
1 |
August 2, 2016 |
August 2, 2016 |
Download FAQ PDF |
| 071216 |
Vulnerabilities in OpenSSL and Related Updates - CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176 |
1 |
July 12, 2016 |
July 12, 2016 |
Download FAQ PDF |
| 051616 |
Vulnerabilities in OpenSSL and Related Updates - CVE-2016-0800, CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, CVE-2016-0703, CVE-2016-0704 |
1 |
May 16, 2016 |
May 16, 2016 |
Download FAQ PDF |
| 022916 |
Vulnerabilities in Linux GNU C (libc) Distributions - CVE-2015-7547 |
1 |
February 29, 2016 |
February 29, 2016 |
Download FAQ PDF |
| 123015 |
Vulnerabilities in OpenSSL Distributions - CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196 |
1 |
December 30, 2015 |
December 30, 2015 |
Download FAQ PDF |
| 090315 |
Vulnerabilities in OpenSSH Distributions - CVE-2015-5600, CVE-2015-6563, CVE-2015-6564 |
1 |
September 3, 2015 |
September 3, 2015 |
Download FAQ PDF |
| 072115 |
X509_verify_cert function vulnerability in OpenSSL - CVE-2015-1793 |
1 |
July 21, 2015 |
July 21, 2015 |
Download FAQ PDF |
| 071715 |
Packet Injection Vulnerability on 802.11n MAC Frame Aggregation |
1 |
July 17, 2015 |
July 17, 2015 |
Download FAQ PDF |
| 020215 |
glibc library vulnerability (commonly referred as ‘Ghost’) - CVE-2015-0235 |
1 |
February 2, 2015 |
February 2, 2015 |
Download FAQ PDF |
| 123114 |
Network Time Protocol (NTP) vulnerability - CVE-2014-9295 |
1 |
December 31, 2014 |
December 31, 2014 |
Download FAQ PDF |
| 111414 |
POODLE SSLv3 vulnerability - CVE-2014-3566 |
1 |
November 14, 2014 |
November 14, 2014 |
Download FAQ PDF |
| 092914 |
GNU Bash vulnerability - CVE-2014-6271 and CVE-2014-7169 |
2 |
September 29, 2014 |
October 8, 2014 |
Download FAQ PDF |
| 070714 |
OpenSSL 0.9.8, 1.0.0 & 1.0.1 library's vulnerability - CVE-2014-0224 |
1 |
July 7, 2014 |
July 7, 2014 |
Download FAQ PDF |
| 041414 |
OpenSSL 1.0.1 library’s “Heart bleed” vulnerability — CVE-2014-0160 |
1 |
April 14, 2014 |
April 14, 2014 |
Download FAQ PDF |
| 10282013 |
User authentication bypass vulnerability in Ruckus Access Point’s administrative web interface |
1 |
October 28, 2013 |
October 28, 2013 |
Download FAQ PDF |
| 111113-1 |
Authenticated code injection vulnerability in ZoneDirector administrative web interface |
1 |
September 09, 2013 |
September 09, 2013 |
Download FAQ PDF |
| 111113-2 |
Authenticated persistent cross site scripting vulnerability in guest pass provisioning web interface on ZoneDirector controllers |
1 |
September 09, 2013 |
September 09, 2013 |
Download FAQ PDF |
| 031813-1 |
Unauthenticated TCP tunneling on Ruckus devices via SSH server process |
1 |
March 25, 2013 |
March 25, 2013 |
Download FAQ PDF |
| 031813-2 |
User authentication bypass vulnerability in ZoneDirector administrative web interface |
1 |
March 25, 2013 |
March 25, 2013 |
Download FAQ PDF |
