VU#613753: Ruckus Virtual Smar... Note

VU#613753: Ruckus Virtual SmartZone (vSZ) and Ruckus Network Director (RND) contain multiple vulnerabilities

Multiple vulnerabilities have been identified in Ruckus Wireless management products, including Virtual SmartZone (vSZ) and Network Director (RND). These vulnerabilities include authentication bypass, hardcoded secrets, arbitrary file read, and unauthenticated remote code execution. The issues may allow full compromise of the environments managed by the affected software. Ruckus Wireless provides networking devices for venues with many end points connected to the internet. Virtual SmartZone is a wireless network control software that can manage large-scale networks. Ruckus Network Director is software for managing multiple vSZ clusters on a single network. The identified vulnerabilities include hardcoded secrets, arbitrary file read, and unauthenticated remote code execution. These vulnerabilities can be chained to create attacks that bypass security controls. No patches have been supplied by the vendor, and network administrators are advised to limit access to the wireless management environments to mitigate risk. The vulnerabilities were reported by Noam Moshe of Claroty Team82 and documented by CERT/CC.