Report a potential issue: [email protected]

The Ruckus Security Incident Response Policy

View customer-only security bulletins

Ruckus response to the WPA2 (KRACK) vulnerability:
Ruckus Wireless Support Resource Center

The Ruckus Product Security Team is responsible for researching, analyzing and responding to security incident reports related to Ruckus products. This team is the first point of contact for all security incident reports and works directly with Ruckus customers, security researchers, government organizations, consultants, industry security organizations, and other vendors to identify security issues with Ruckus products. This team is also responsible for publishing security advisories and communicating with outside entities regarding mitigation steps for addressing particular security issues with Ruckus products.

Reporting a Security Issue to Ruckus

Ruckus encourages individuals and organizations to report all Ruckus-related product related vulnerabilities and security issues directly to Ruckus via our email alias: [email protected].

A link to the Ruckus Security Incident Response Policy is available here.

Please provide a detailed description of the issue along with sufficient information to reasonably enable Ruckus to reproduce the issue. Please also include a technical contact, list of Ruckus products affected and any other helpful information such as logs and console messages etc.

If you are a currently experiencing a network outage or need help configuring a security feature, please contact Ruckus via any of the contact methods listed on the Support Contact page.

Ruckus highly recommends protecting the email communication with the PGP key below for encrypting any sensitive information sent to Ruckus.

To send the confidential information always use PGP Keys only. Please ask for the key info and keys by sending email to [email protected].

Security Bulletins

IDTitleVersionRelease DateEdit DateFAQ
20180319Security vulnerabilities addressed by NTP (CVE-2016-1549, CVE-2018-7182, CVE-2018-7170, CVE-2018-7184, CVE-2018-7185, CVE-2018-7183)1March 19, 2018March 19, 2018
20180226XSS vulnerability in Ruckus ICX FastIron - (CVE-2013-6786)1February 26, 2018February 26, 2018
20180203Java JMX and RMI security vulnerabilities (CVE-2017-15708, CVE-2016-8735)1February 13, 2018February 13, 2018
20180202Authenticated Root Command Injection Vulnerabilities in CLI of ZD/Unleashed APs and Web-GUI of Solo/SZ Managed APs (CVE02017-6229, CVE-2017-6230)1February 5, 2018February 5, 2018
20180116Intel Management Engine impersonation security vulnerabilities1.0January 16, 2018January 16, 2018
20180105Spectre and Meltdown Vulnerabilities - (CVE-2017-5753 CVE-2017-5715 CVE-2017-5754)1.1January 5, 2018January 16, 2018
112717Multiple Vulnerabilities in DNSMASQ (CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496, CVE-2017-13704, CVE-2015-3294)1November 27, 2017November 27, 2017
101717Multiple Vulnerabilities discovered in RSA key generation within Infineon TPM1October 17, 2017October 17, 2017
101617Multiple Vulnerabilities discovered in 4-way handshake of WPA2 protocols - (KRACK: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)1.12October 16, 2017December 21, 2017
092917Authenticated Root Command Injection Vulnerabilities in Web-GUI of Ruckus Zone Director Controller and Unleashed APs (CVE-2017-6223, CVE-2017-6224)1September 29, 2017September 29, 2017