CVE-2025-44960
HIGHDescription
RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route.
Is your site exposed to CVE-2025-44960?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| commscope | ruckus_smartzone_firmware |
| commscope | ruckus_smartzone_firmware |
| commscope | ruckus_smartzone_firmware |
| commscope | ruckus_smartzone_firmware |
| commscope | ruckus_smartzone_firmware |
| commscope | ruckus_smartzone_firmware |
| commscope | ruckus_virtual_smartzone |
| commscope | ruckus_virtual_smartzone-federal |
| commscope | ruckus_c110 |
| commscope | ruckus_e510 |
| commscope | ruckus_h320 |
| commscope | ruckus_h350 |
| commscope | ruckus_h510 |
| commscope | ruckus_m510 |
| commscope | ruckus_r320 |
| commscope | ruckus_r510 |
| commscope | ruckus_r560 |
| commscope | ruckus_r610 |
| commscope | ruckus_r710 |
| commscope | ruckus_r720 |
| commscope | ruckus_r730 |
| commscope | ruckus_r750 |
| commscope | ruckus_smartzone_100 |
| commscope | ruckus_smartzone_100-d |
| commscope | ruckus_smartzone_144 |
| commscope | ruckus_smartzone_144-federal |
| commscope | ruckus_smartzone_300 |
| commscope | ruckus_smartzone_300-federal |
| commscope | ruckus_t310c |
| commscope | ruckus_t310d |
| commscope | ruckus_t310n |
| commscope | ruckus_t310s |
| commscope | ruckus_t350se |
| commscope | ruckus_t750 |
| commscope | ruckus_t750se |
| commscope | ruckus_network_director |
References
Frequently Asked Questions
What is CVE-2025-44960? +
How severe is CVE-2025-44960? +
What products are affected by CVE-2025-44960? +
How do I check if I'm vulnerable to CVE-2025-44960? +
Related Vulnerabilities
Penetration Testing engineers at Amazon discovered a vulnerability where the camera system failed to properly validate input, allowing specially crafted …
An OS Command Injection vulnerability exists in Aterm. If a malicious third person gains administrator access to the product’s web …
3onedata modbus gateway device model GW1101-1D(RS-485)-TB-P (hardware version V2.2.0) allows authenticated users to execute arbitrary shell commands in the context …
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the adm.cgi binary's reboot_time function that …
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the makeRequest.cgi binary that allows unauthenticated …
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the internet.cgi binary that allows unauthenticated …