Ruckus SmartZone OS Command Injection Vulnerability Allowing Remote Code Execution

Vulnerability

A remote code execution vulnerability has been identified in Ruckus SmartZone (SZ) versions prior to 6.1.2p3 Refresh Build. The issue arises from improper sanitization of a user-controlled parameter in an API route, allowing for OS command injection. An attacker could exploit this vulnerability by injecting a malicious payload that is executed as a command on the operating system, leading to unauthorized code execution.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Remediation

Users are advised to upgrade to Ruckus SmartZone versions 6.1.2p3 Refresh Build, 7.1, 5.2.2, or 5.2.1.3. For those with the Ruckus Network Director, upgrading to versions 3.0, 4.0, or 4.5 is recommended. After applying the KSP for SmartZone, contact the Ruckus support team to avoid possible KSP conflicts.

Added: Aug 4, 2025, 5:33 PM
Updated: Aug 4, 2025, 5:33 PM

Vulnerability Rating

Custom Algorithm

  spread          2.6
  impact         10.0
  exploitability  7.0
  remediation     7.9
  relevance       0.3
  threat          0.0
  urgency         2.9
  incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.