Vulnerability Description
In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Commscope | Ruckus Smartzone Firmware | < 6.1.2 |
| Commscope | Ruckus Virtual Smartzone | - |
| Commscope | Ruckus Virtual Smartzone-Federal | - |
| Commscope | Ruckus C110 | - |
| Commscope | Ruckus E510 | - |
| Commscope | Ruckus H320 | - |
| Commscope | Ruckus H350 | - |
| Commscope | Ruckus H510 | - |
| Commscope | Ruckus M510 | - |
| Commscope | Ruckus R320 | - |
| Commscope | Ruckus R510 | - |
| Commscope | Ruckus R560 | - |
| Commscope | Ruckus R610 | - |
| Commscope | Ruckus R710 | - |
| Commscope | Ruckus R720 | - |
| Commscope | Ruckus R730 | - |
| Commscope | Ruckus R750 | - |
| Commscope | Ruckus Smartzone 100 | - |
| Commscope | Ruckus Smartzone 100-D | - |
| Commscope | Ruckus Smartzone 144 | - |
Related Weaknesses (CWE)
References
- https://claroty.com/team82/disclosure-dashboard/cve-2025-44961Third Party Advisory
- https://kb.cert.org/vuls/id/613753Third Party AdvisoryUS Government Resource
- https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+2Vendor Advisory
- https://www.kb.cert.org/vuls/id/613753
FAQ
What is CVE-2025-44961?
CVE-2025-44961 is a vulnerability with a CVSS score of 9.9 (CRITICAL). In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user.
How severe is CVE-2025-44961?
CVE-2025-44961 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-44961?
Check the references section above for vendor advisories and patch information. Affected products include: Commscope Ruckus Smartzone Firmware, Commscope Ruckus Virtual Smartzone, Commscope Ruckus Virtual Smartzone-Federal, Commscope Ruckus C110, Commscope Ruckus E510.