RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key.
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HCommscope Ruckus Network Director
APPCommscope< 4.5.0.0
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
Related vulnerabilities
CVE-2025-67304CRITICAL9.8PL ✓ten sam produkt
Hardcoded credentials w Ruckus Network Director — dostęp do PostgreSQL i RCE
CVE-2025-67305CRITICAL9.8PL ✓ten sam produkt
Hardcoded SSH keys w Commscope RUCKUS Network Director (RCE)
CVE-2025-44961CRITICAL9.9PL ✓ten sam produkt
Command injection w RUCKUS SmartZone przez pole adresu IP
CVE-2025-44960HIGH8.5ten sam produkt
RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an A...
CVE-2025-44955HIGH8.8ten sam produkt
RUCKUS Network Director (RND) before 4.5 allows jailed users to obtain root access vis a weak, hardcoded passw...