CVE Vulnerabilities

CVE-2025-44954

Use of Default Cryptographic Key

Published: Aug 04, 2025 | Modified: Aug 07, 2025
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account.

Weakness

The product uses a default cryptographic key for potentially critical functionality.

Affected Software

Name Vendor Start Version End Version
Ruckus_smartzone_firmware Commscope * 6.1.2 (excluding)
Ruckus_smartzone_firmware Commscope 6.1.2 (including) 6.1.2 (including)
Ruckus_smartzone_firmware Commscope 6.1.2-p2 (including) 6.1.2-p2 (including)
Ruckus_smartzone_firmware Commscope 6.1.2-p3 (including) 6.1.2-p3 (including)
Ruckus_smartzone_firmware Commscope 7.0.0 (including) 7.0.0 (including)
Ruckus_smartzone_firmware Commscope 7.1.0 (including) 7.1.0 (including)

Potential Mitigations

References