Unpatched vulnerabilities in Ruckus Wireless management products pose a significant risk of full network compromise, affecting large organizations and public entities. The security flaws include hardcoded secrets, root access via SSH keys, and command injection, with no patches available yet. #RuckusWireless #CERTCC
Keypoints
- Multiple vulnerabilities in Ruckus Wireless products remain unpatched, enabling potential exploitation.
- Vulnerabilities include hardcoded secrets, command injection, path traversal, and hardcoded SSH keys.
- The affected products, vSZ and RND, manage large-scale WiFi deployments for organizations.
- Security researchers have reported these issues to CERT/CC, but no patches have been released.
- Administrators are advised to limit access to management interfaces and use secure protocols to mitigate risks.