Ruckus AP CLI Arbitrary File Read Allows Authenticated Remote File Access

Advisories

Ruckus AP CLI Arbitrary File Read Allows Authenticated Remote File Access

severity: medium
date: 3/26/2026
Affecting: RUCKUS Access Point
RUCKUS Unleashed
SmartZone 100 (SZ-100) (EOL)
SmartZone 100-D (SZ100-D) (EOL)
SmartZone 144 (SZ-144)
SmartZone 144-Dataplane (SZ144-D)
SmartZone 300 (SZ300) (EOL)
ZoneDirector 1200 (EOL)
CVE: CVE-2021-4474
CWE: CWE-552 Files or Directories Accessible to External Parties
CVSS: 6.9
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
References: Ruckus Security Bulletin 20210108
Description: Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line interface that allows authenticated remote attackers with administrative privileges to read arbitrary files from the underlying filesystem. Attackers can exploit this vulnerability to access sensitive information including configuration files, credentials, and system data stored on the device.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo