Introduction
A single RUCKUS SmartZone controller can manage up to 10000 access points and 150000 clients. When a critical vulnerability is found in this platform, the risk extends to large-scale enterprise, education, healthcare, and municipal Wi-Fi deployments worldwide. In July 2025, security researchers uncovered a set of nine critical flaws in RUCKUS management products. One of the most severe, CVE-2025-44960, enables authenticated attackers to execute arbitrary operating system commands through a vulnerable API parameter.
About RUCKUS Networks: RUCKUS, a subsidiary of CommScope, is a major player in the enterprise wireless networking space. Their SmartZone product line is widely deployed in high-density environments such as universities, hospitals, hotels, and public infrastructure. The scale and central role of these controllers make vulnerabilities in their management interfaces particularly impactful for organizations and their users.
Technical Information
CVE-2025-44960 is an OS command injection vulnerability affecting RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build. The flaw is rooted in the improper sanitization of a specific API parameter. When an authenticated user submits crafted input to this parameter, the input is passed unsanitized to an underlying operating system command. This allows the attacker to inject arbitrary commands, which are executed with the privileges of the SmartZone management application. The vulnerability is classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command).
The attack vector is remote and requires authenticated access to the affected API route. The exact parameter and API route have not been disclosed in public advisories, and no public code snippets or proof of concept have been released by the researchers or the vendor. Because exploitation requires valid credentials, the flaw becomes considerably more dangerous when chained with other weaknesses such as an authentication bypass or hardcoded secrets, which remove that prerequisite and increase the risk of exploitation in real-world scenarios.
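To make the CWE-78 pattern concrete, the following is an added Python example, not SmartZone code: the real parameter and route are undisclosed, so it uses a hypothetical `target` parameter that a management API pings for reachability. It shows the vulnerable shell-string construction beside a hardened handler (allowlist validation, argv execution without a shell) and a small check that flags request parameters carrying shell metacharacters for detection.

```python
import ipaddress
import re
import subprocess

# Hypothetical API parameter "target" (the real SmartZone parameter is
# undisclosed); the handler pings it to check reachability.

# Shell metacharacters that let a value escape its intended argument.
SHELL_METACHARS = re.compile(r"[;&|`$(){}<>\n\\'\"]")

# RFC 1123 hostname: dot-separated labels of letters, digits and hyphens,
# no leading or trailing hyphen, at most 253 characters in total.
HOSTNAME_RE = re.compile(
    r"(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*"
)


def build_command_unsafe(target: str) -> str:
    # CWE-78 pattern: the value is spliced into a shell command line that
    # would be run with subprocess.run(cmd, shell=True). Anything after a
    # ';' or '|' in `target` is parsed by the shell as a second command.
    return f"ping -c 1 {target}"


def is_valid_target(target: str) -> bool:
    # Allowlist: accept only an IP literal or a syntactically valid hostname.
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return HOSTNAME_RE.fullmatch(target) is not None


def build_command_safe(target: str) -> list[str]:
    # Hardened: validate first, then build an argv list. The allowlist also
    # rules out a leading '-', so the value cannot be read as a ping option.
    if not is_valid_target(target):
        raise ValueError(f"rejected target parameter: {target!r}")
    return ["ping", "-c", "1", target]


def run_reachability_check(target: str) -> int:
    # shell=False (the default): the argv list goes straight to execve,
    # so the OS never interprets the value as shell syntax.
    proc = subprocess.run(build_command_safe(target), capture_output=True, timeout=10)
    return proc.returncode


def flag_suspicious_params(params: dict[str, str]) -> list[str]:
    # Detection aid for API access logs: names of parameters whose values
    # carry shell metacharacters, worth alerting on for unpatched controllers.
    return sorted(k for k, v in params.items() if SHELL_METACHARS.search(v))
```

`run_reachability_check` needs a `ping` binary on the host; the other functions are pure and can be exercised offline.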
Affected Systems and Versions
- RUCKUS SmartZone (SZ): all deployments running versions prior to 6.1.2p3 Refresh Build are vulnerable
- The vulnerability is present in both physical and virtual SmartZone appliances
- Only systems that expose the management API are at risk; exploitation additionally requires authenticated access to it
Vendor Security History
RUCKUS Networks has previously faced security issues in their management products. In July 2025, nine critical vulnerabilities were disclosed by Claroty Team82, including authentication bypass, hardcoded secrets, arbitrary file read, and OS command injection. The vendor's response to coordinated disclosure was slow, with multiple reports of communication challenges and delayed patch availability. This incident highlights the need for improved security processes and faster response times within RUCKUS and its parent company CommScope.