Report a potential issue: [email protected]
Ruckus response to the WPA2 (KRACK) vulnerability:
Ruckus Wireless Support Resource Center
The Ruckus Product Security Team is responsible for researching, analyzing and responding to security incident reports related to Ruckus products. This team is the first point of contact for all security incident reports and works directly with Ruckus customers, security researchers, government organizations, consultants, industry security organizations, and other vendors to identify security issues with Ruckus products. This team is also responsible for publishing security advisories and communicating with outside entities regarding mitigation steps for addressing particular security issues with Ruckus products.
Reporting a Security Issue to Ruckus
Ruckus encourages individuals and organizations to report all Ruckus-related product related vulnerabilities and security issues directly to Ruckus via our email alias: #[email protected].
A link to the Ruckus Security Incident Response Policy is available here.
Please provide a detailed description of the issue along with sufficient information to reasonably enable Ruckus to reproduce the issue. Please also include a technical contact, list of Ruckus products affected and any other helpful information such as logs and console messages etc.
If you are a currently experiencing a network outage or need help configuring a security feature, please contact Ruckus via any of the contact methods listed on the Support Contact page.
|ID||Title||Version||Release Date||Edit Date||FAQ|
|092917||Authenticated Root Command Injection Vulnerabilities in Web-GUI of Ruckus Zone Director Controller and Unleashed APs (CVE-2017-6223, CVE-2017-6224)||1||September 29, 2017||September 29, 2017|
|101617||Multiple Vulnerabilities discovered in 4-way handshake of WPA2 protocols - (KRACK: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)||1.12||October 16, 2017||December 21, 2017|
|101717||Multiple Vulnerabilities discovered in RSA key generation within Infineon TPM||1||October 17, 2017||October 17, 2017|
|10282013||User authentication bypass vulnerability in Ruckus Access Point’s administrative web interface||1||October 28, 2013||October 28, 2013|
|111113-1||Authenticated code injection vulnerability in ZoneDirector administrative web interface||1||September 9, 2013||September 9, 2013|
|111113-2||Authenticated persistent cross site scripting vulnerability in guest pass provisioning web interface on ZoneDirector controllers||1||September 9, 2013||September 9, 2013|
|111116||Linux Kernel Local Privilege Escalation "Dirty Cow" - CVE-2016-5195||1||November 11, 2016||November 11, 2016|
|111414||POODLE SSLv3 vulnerability - CVE-2014-3566||1||November 14, 2014||November 14, 2014|
|112717||Multiple Vulnerabilities in DNSMASQ (CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496, CVE-2017-13704, CVE-2015-3294)||1||November 27, 2017||November 27, 2017|
|123015||Vulnerabilities in OpenSSL Distributions - CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196||1||December 30, 2015||December 30, 2015|