Ruckus Virtual SmartZone OS Command Injection Vulnerability Allowing Remote Code Execution

Vulnerability

A command injection vulnerability has been identified in Ruckus SmartZone (SZ) versions prior to 6.1.2p3 Refresh Build. An authenticated user can inject operating system commands through an IP address field whose value is passed to a command without proper sanitization, so shell metacharacters in the field are interpreted rather than treated as part of the address. As a result, an attacker with valid credentials can execute arbitrary commands on the underlying server, leading to remote code execution.
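The vulnerability class described above, as an added illustration: this is not Ruckus code and does not show how SmartZone actually builds its commands. It assumes a hypothetical controller feature that shells out with a user-supplied IP address, and uses a constructed attacker input. The vulnerable pattern interpolates the field into a shell string; the hardened pattern allow-list validates the field as a bare address and executes without a shell.

```python
"""OS command injection via an IP address field: vulnerable vs. hardened.

Added example only, not Ruckus code. The "probe" command is a stand-in
(echo) for whatever network tool a controller might invoke (ping, traceroute).
"""
import ipaddress
import subprocess
from typing import List

# Constructed attacker input: a plausible address followed by a shell
# metacharacter and a second command.
INJECTED_INPUT = "192.0.2.1; echo INJECTED"


def run_unsafe(ip: str) -> str:
    """Vulnerable pattern: the raw field is interpolated into a shell string.

    shell=True hands the whole string to /bin/sh, so ';', '|', '&&' and
    '$(...)' inside the field are parsed as shell syntax and executed.
    """
    cmd = f"echo probing {ip}"
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout


def validate_ip(ip: str) -> str:
    """Allow-list validation: accept only a single bare IPv4/IPv6 address.

    ipaddress.ip_address() raises ValueError for anything that is not exactly
    one address: no whitespace, no CIDR suffix, no separators, no
    metacharacters. Returning str(parsed) also canonicalises the value.
    """
    return str(ipaddress.ip_address(ip))


def rejects(ip: str) -> bool:
    """True if the hardened path refuses the value (for negative checks)."""
    try:
        validate_ip(ip)
    except ValueError:
        return True
    return False


def build_argv(ip: str) -> List[str]:
    """Build the command as an argument vector; the address is one argv entry."""
    return ["echo", "probing", validate_ip(ip)]


def run_safe(ip: str) -> str:
    """Hardened pattern: validate, then execute without a shell.

    With shell=False the list goes straight to execve(), so no metacharacter
    in the argument is ever interpreted. Validation is still required: it
    blocks argument injection (a leading '-' turning the field into a flag)
    and keeps the value canonical for logging and comparison.
    """
    result = subprocess.run(build_argv(ip), shell=False,
                            capture_output=True, text=True)
    return result.stdout


def is_injected(output: str) -> bool:
    """Did the second, injected command run?"""
    return "INJECTED" in output


if __name__ == "__main__":
    print("unsafe:", run_unsafe(INJECTED_INPUT).strip().replace("\n", " | "))
    try:
        run_safe(INJECTED_INPUT)
    except ValueError as exc:
        print("safe: rejected ->", exc)
    print("safe:", run_safe("192.0.2.1").strip())
```

Both halves of the fix matter: the argv form alone stops shell metacharacters, and the allow-list alone stops a string that is not an address, but only together do they cover argument injection and keep the executed command predictable. When reviewing a codebase for this pattern, grep for `shell=True`, `os.system`, `os.popen` and string-built commands, and trace every network-address field back to its validator.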

Impact

Successful exploitation allows an authenticated attacker to execute arbitrary operating system commands on the affected system, i.e. remote code execution with whatever privileges the process that runs the injected command holds.

Remediation

Ruckus has released patches for this vulnerability. Users are advised to upgrade to version 6.1.2p3 Refresh Build or to one of the KSP versions available for 5.2.2, 5.2.1.3, or 7.1. For Ruckus Network Director, users should upgrade to version 3.0, 4.0, or 4.5.

Added: Aug 4, 2025, 5:30 PM
Updated: Aug 4, 2025, 5:30 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 10.0
exploitability: 4.9
remediation: 7.9
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.