Critical Ruckus Wireless Flaws Threaten Enterprise Wi‑Fi Security

Critical Ruckus Wireless Flaws Threaten Enterprise Wi‑Fi Security

Multiple critical vulnerabilities discovered in Ruckus Wireless management products pose severe security risks to enterprise networks, with issues ranging from authentication bypass to remote code execution that could lead to complete system compromise.

The vulnerabilities affect Virtual SmartZone (vSZ) and Network Director (RND) software used to manage large-scale wireless deployments across schools, hospitals, and smart cities.

Widespread Impact on Enterprise Infrastructure

The U.S. Computer Emergency Readiness Team (CERT/CC) released vulnerability note VU#613753 on July 8, 2025, detailing nine critical security flaws that could allow attackers to gain full administrative control over wireless network management systems.

These vulnerabilities are particularly concerning given that Ruckus systems can manage up to 10,000 access points and 150,000 connected clients in a single deployment.

CVE ID Vulnerability Type Impact
CVE-2025-44954 Hardcoded SSH Keys Unauthenticated RCE
CVE-2025-44955 Hardcoded Password Privilege Escalation
CVE-2025-44957 Hardcoded Secrets Authentication Bypass
CVE-2025-44958 Recoverable Passwords Information Disclosure
CVE-2025-44960 Command Injection Remote Code Execution
CVE-2025-44961 Command Injection Remote Code Execution
CVE-2025-44962 Path Traversal Arbitrary File Read
CVE-2025-44963 Hardcoded JWT Token Authentication Bypass
CVE-2025-6243 Hardcoded SSH Key Unauthorized Access

The most severe vulnerability, CVE-2025-44954, involves hardcoded default SSH keys that grant unauthenticated remote code execution capabilities.

This flaw essentially provides attackers with root-level access to affected systems without requiring any authentication. Security researchers from Claroty Team82, led by Noam Moshe, discovered these vulnerabilities during their investigation of the wireless management platforms.

Several vulnerabilities stem from poor authentication mechanisms and hardcoded secrets. CVE-2025-44957 exposes hardcoded JWT signing keys and API credentials that enable authentication bypass, allowing unauthorized users to gain administrator privileges.

Similarly, CVE-2025-44963 affects the Network Director platform through hardcoded JWT tokens that can be exploited to circumvent standard authentication procedures.

The authentication problems extend to password management, with CVE-2025-44958 revealing that the RND platform stores passwords in a recoverable format using weak encryption keys.

Additionally, CVE-2025-44955 exposes a hardcoded password for a built-in jailbreak mechanism designed for technician access.

Beyond authentication issues, the vulnerabilities include multiple remote code execution vectors. CVE-2025-44960 and CVE-2025-44961 both involve insufficient input validation in API parameters, allowing attackers to inject malicious commands that execute with elevated privileges.

These flaws can be chained together to create sophisticated attack scenarios that bypass individual security controls.

Notably, CERT/CC reported being unable to reach Ruckus Wireless or parent company CommScope for their response to these disclosures.

No patches are currently available for any of the identified vulnerabilities. Network administrators are advised to isolate management networks and restrict access to trusted users only, implementing secure protocols like HTTPS and SSH for all management communications.

Organizations using affected Ruckus products should implement immediate network isolation measures while awaiting vendor patches.

Stay Updated on Daily Cybersecurity News . Follow us on Google News, LinkedIn, and X.


Source link