Ruckus Network Director Privilege Escalation Vulnerability via Hardcoded Password

Vulnerability

A vulnerability in Ruckus Network Director (RND) prior to version 4.5 allows jailed users to gain root access by exploiting a weak, hardcoded password. RND includes a restricted environment for users to manage devices without full access to the operating system. However, this environment contains a built-in jailbreak that can be activated with the hardcoded password, granting root permissions on the server.

Impact

Exploitation of this vulnerability allows authenticated users to elevate privileges and gain root access on the affected RND server.

Remediation

Ruckus has released patches for this vulnerability. Users are advised to upgrade to Ruckus Network Director versions 3.0, 4.0, or 4.5. For those with a KSP applied in their SmartZone, contact Ruckus support to avoid possible KSP conflicts.

Added: Aug 4, 2025, 4:25 PM
Updated: Aug 4, 2025, 4:25 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 7.4
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.