CVE-2021-4474 PUBLISHED

Ruckus AP CLI Arbitrary File Read Allows Authenticated Remote File Access

Assigner: VulnCheck
Reserved: 23.03.2026 Published: 26.03.2026 Updated: 26.03.2026

Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line interface that allows authenticated remote attackers with administrative privileges to read arbitrary files from the underlying filesystem. Attackers can exploit this vulnerability to access sensitive information including configuration files, credentials, and system data stored on the device.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CVSS Score: 6.9

Product Status

Vendor Ruckus Wireless
Product RUCKUS Access Point
Versions Default: unaffected
  • Version 0 is affected
Vendor Ruckus
Product RUCKUS Unleashed
Versions Default: affected
  • Version 0 is affected
Vendor Ruckus
Product SmartZone 100 (SZ-100) (EOL)
Versions Default: affected
  • Version 0 is affected
Vendor Ruckus
Product SmartZone 100-D (SZ100-D) (EOL)
Versions Default: affected
  • Version 0 is affected
Vendor Ruckus
Product SmartZone 144 (SZ-144)
Versions Default: affected
  • Version 0 is affected
Vendor Ruckus
Product SmartZone 144-Dataplane (SZ144-D)
Versions Default: affected
  • Version 0 is affected
Vendor Ruckus
Product SmartZone 300 (SZ300) (EOL)
Versions Default: affected
  • Version 0 is affected
Vendor Ruckus
Product ZoneDirector 1200 (EOL)
Versions Default: affected
  • Version 0 is affected

References

Problem Types

  • CWE-552 Files or Directories Accessible to External Parties CWE