Report a potential issue: [email protected]

The Ruckus Security Incident Response Policy

View customer-only security bulletins

Ruckus response to the WPA2 (KRACK) vulnerability:
Ruckus Wireless Support Resource Center

The Ruckus Product Security Team is responsible for researching, analyzing and responding to security incident reports related to Ruckus products. This team is the first point of contact for all security incident reports and works directly with Ruckus customers, security researchers, government organizations, consultants, industry security organizations, and other vendors to identify security issues with Ruckus products. This team is also responsible for publishing security advisories and communicating with outside entities regarding mitigation steps for addressing particular security issues with Ruckus products.

Reporting a Security Issue to Ruckus

Ruckus encourages individuals and organizations to report all Ruckus-related product related vulnerabilities and security issues directly to Ruckus via our email alias: #[email protected].

A link to the Ruckus Security Incident Response Policy is available here.

Please provide a detailed description of the issue along with sufficient information to reasonably enable Ruckus to reproduce the issue. Please also include a technical contact, list of Ruckus products affected and any other helpful information such as logs and console messages etc.

If you are a currently experiencing a network outage or need help configuring a security feature, please contact Ruckus via any of the contact methods listed on the Support Contact page.

Security Bulletins

IDTitleVersionRelease DateEdit DateFAQ
020215glibc library vulnerability (commonly referred as ‘Ghost’) - CVE-2015-02351February 2, 2015February 2, 2015
022717Vulnerabilities in OpenSSL – CVE-2017-3730, CVE-2017-3731, CVE-2017- 3732, CVE-2016-6304, CVE-2016-63051February 27, 2017February 27, 2017
022916Vulnerabilities in Linux GNU C (libc) Distributions - CVE-2015-75471February 29, 2016February 29, 2016
030117Vulnerabilities in Dropbear SSH – CVE-2016-7406, CVE-2016-7407, CVE- 2016-2408, CVE-2016-24091March 1, 2017March 1, 2017
031813-1Unauthenticated TCP tunneling on Ruckus devices via SSH server process1March 25, 2013March 25, 2013
031813-2User authentication bypass vulnerability in ZoneDirector administrative web interface1March 25, 2013March 25, 2013
041414OpenSSL 1.0.1 library’s “Heart bleed” vulnerability — CVE-2014-01601April 14, 2014April 14, 2014
051616Vulnerabilities in OpenSSL and Related Updates - CVE-2016-0800, CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, CVE-2016-0703, CVE-2016-07041May 16, 2016May 16, 2016
062117Vulnerabilities in Web GUI Interface on Ruckus Unmanaged-APs – CVE-2016-1000213, CVE-2016-1000214, CVE-2016-1000215, CVE-2016-10002161June 21, 2017June 21, 2017
070714OpenSSL 0.9.8, 1.0.0 & 1.0.1 library's vulnerability - CVE-2014-02241July 7, 2014July 7, 2014