A number of security vulnerabilities are found on the ZoneDirector and Unleashed product lines. Collectively, these vulnerabilities allow an attacker to perform the following actions:

• Unauthenticated, remote code executions and unauthorized command line interface (CLI) and shell access
• Command injections
• Unauthenticated stack overflow
• Unauthenticated arbitrary file writing
• Server-Side Request Forgery (SSRF)

Ruckus Networks is releasing the fix for these vulnerabilities through a software update. Because these are CRITICAL issues, all customers are strongly encouraged to apply the fix once available.

The following table describes the vulnerable products, software versions, and the recommended actions.

We recommend strongly to apply filters to allow remote access only from trusted IP-s.

The source announcement with detailed information: