CVE-2021-4474

MEDIUM

Ruckus AP CLI Arbitrary File Read Allows Authenticated Remote File Access

Title source: cna

Description

Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line interface that allows authenticated remote attackers with administrative privileges to read arbitrary files from the underlying filesystem. Attackers can exploit this vulnerability to access sensitive information including configuration files, credentials, and system data stored on the device.

References (2)

Vendor Advisory
Ruckus Security Bulletin 20210108
https://support.ruckuswireless.com/security_bulletins/306

Scores

CVSS v3: 4.9
EPSS: 0.0046
EPSS Percentile: 36.1%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-552
Status: published
Products (8)
Ruckus/RUCKUS Unleashed
Ruckus/SmartZone 100 (SZ-100) (EOL)
Ruckus/SmartZone 100-D (SZ100-D) (EOL)
Ruckus/SmartZone 144 (SZ-144)
Ruckus/SmartZone 144-Dataplane (SZ144-D)
Ruckus/SmartZone 300 (SZ300) (EOL)
Ruckus/ZoneDirector 1200 (EOL)
Ruckus Wireless/RUCKUS Access Point
Published: Mar 26, 2026
Tracked Since: Mar 27, 2026