CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-44961

CVSS 9.9v3.1pub. 2025-08-04upd. 2025-11-03

In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user.

🤖 AI Analysis
How it works

The RUCKUS SmartZone application does not properly filter input data in the IP address field provided by a logged-in user. An attacker can place malicious system commands (OS command injection, CWE-78) in this field, which will be executed by the device's operating system. The attack is possible remotely over the network without requiring physical access, and the required privilege level is low (user authentication).

Impact

An attacker can gain full control over the device's operating system, including confidentiality, integrity and availability of data and services. Due to the changed scope (Scope:Changed), the exploit may affect other network infrastructure resources beyond the device itself.

Mitigation & patch

RUCKUS SmartZone should be updated to version 6.1.2p3 Refresh Build or later as soon as possible. If immediate update is not possible, restrict access to the SmartZone management interface exclusively to trusted IP addresses and minimize the number of accounts with system access. Details available in the manufacturer's references (Commscope Security Advisory ID 20250710).

Who is affected

RUCKUS SmartZone (SZ) in all versions prior to 6.1.2p3 Refresh Build, affecting Commscope Ruckus E510, Ruckus R560, Ruckus Network Director, Ruckus H320 and Ruckus T310C devices

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Commscope Ruckus C110

    HW
    Commscope
    wszystkie wersje
  • Commscope Ruckus E510

    HW
    Commscope
    wszystkie wersje
  • Commscope Ruckus H320

    HW
    Commscope
    wszystkie wersje
  • Commscope Ruckus H350

    HW
    Commscope
    wszystkie wersje
  • Commscope Ruckus H510

    HW
    Commscope
    wszystkie wersje
  • Commscope Ruckus M510

    HW
    Commscope
    wszystkie wersje
  • Commscope Ruckus Network Director

    APP
    Commscope
    < 4.5.0.51
  • Commscope Ruckus R320

    HW
    Commscope
    wszystkie wersje
  • Commscope Ruckus R510

    HW
    Commscope
    wszystkie wersje
  • Commscope Ruckus R560

    HW
    Commscope
    wszystkie wersje
  • Commscope Ruckus R610

    HW
    Commscope
    wszystkie wersje
  • Commscope Ruckus R710

    HW
    Commscope
    wszystkie wersje
  • Commscope Ruckus R720

    HW
    Commscope
    wszystkie wersje
  • Commscope Ruckus R730

    HW
    Commscope
    wszystkie wersje
  • Commscope Ruckus R750

    HW
    Commscope
    wszystkie wersje
  • Commscope Ruckus Smartzone 100

    HW
    Commscope
    wszystkie wersje
  • Commscope Ruckus Smartzone 100 D

    HW
    Commscope
    wszystkie wersje
  • Commscope Ruckus Smartzone 144

    HW
    Commscope
    wszystkie wersje
  • Commscope Ruckus Smartzone 144 Federal

    HW
    Commscope
    wszystkie wersje
  • Commscope Ruckus Smartzone 300

    HW
    Commscope
    wszystkie wersje
  • Commscope Ruckus Smartzone 300 Federal

    HW
    Commscope
    wszystkie wersje
  • Commscope Ruckus Smartzone Firmware

    OS
    Commscope
    6.1.27.0.07.1.0< 6.1.2
  • Commscope Ruckus T310c

    HW
    Commscope
    wszystkie wersje
  • Commscope Ruckus T310d

    HW
    Commscope
    wszystkie wersje
  • Commscope Ruckus T310n

    HW
    Commscope
    wszystkie wersje
  • Commscope Ruckus T310s

    HW
    Commscope
    wszystkie wersje
  • Commscope Ruckus T350se

    HW
    Commscope
    wszystkie wersje
  • Commscope Ruckus T750

    HW
    Commscope
    wszystkie wersje
  • Commscope Ruckus T750se

    HW
    Commscope
    wszystkie wersje
  • Commscope Ruckus Virtual Smartzone

    APP
    Commscope
    wszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2023-25717CRITICAL9.8⚠ KEVten sam produkt

Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as de...

CVE-2025-67304CRITICAL9.8PL ✓ten sam produkt

Hardcoded credentials w Ruckus Network Director — dostęp do PostgreSQL i RCE

CVE-2025-67305CRITICAL9.8PL ✓ten sam produkt

Hardcoded SSH keys w Commscope RUCKUS Network Director (RCE)

CVE-2025-44954CRITICAL9.0PL ✓ten sam produkt

Hardcoded SSH private key w RUCKUS SmartZone — dostęp root zdalnie

CVE-2025-44963CRITICAL9.0PL ✓ten sam produkt

Hardcodowany klucz JWT w Commscope Ruckus Network Director — spoofing administratora