2026-03-26 19:28 | CVE-2021-4474 | VulnCheck
PUBLISHED | 5.2 | CWE-552

Ruckus AP CLI Arbitrary File Read Allows Authenticated Remote File Access

Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line interface that allows authenticated remote attackers with administrative privileges to read arbitrary files from the underlying filesystem. Attackers can exploit this vulnerability to access sensitive information including configuration files, credentials, and system data stored on the device.

Problem type

CWE-552 Files or Directories Accessible to External Parties

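Affected products

For each product the record lists only version 0 as affected and names no upper bound or fixed release; the vendor security bulletin cited in the JSON source below is the place to confirm which firmware releases contain the fix.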

Ruckus Wireless

RUCKUS Access Point

0 - AFFECTED

Ruckus

RUCKUS Unleashed

0 - AFFECTED

SmartZone 100 (SZ-100) (EOL)

0 - AFFECTED

SmartZone 100-D (SZ100-D) (EOL)

0 - AFFECTED

SmartZone 144 (SZ-144)

0 - AFFECTED

SmartZone 144-Dataplane (SZ144-D)

0 - AFFECTED

SmartZone 300 (SZ300) (EOL)

0 - AFFECTED

ZoneDirector 1200 (EOL)

0 - AFFECTED

References

GitHub Security Advisories

GHSA-f4qw-wcqm-7c8g

Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line...

https://github.com/advisories/GHSA-f4qw-wcqm-7c8g

Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line interface that allows authenticated remote attackers with administrative privileges to read arbitrary files from the underlying filesystem. Attackers can exploit this vulnerability to access sensitive information including configuration files, credentials, and system data stored on the device.

JSON source

https://cveawg.mitre.org/api/cve/CVE-2021-4474
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2021-4474",
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "dateUpdated": "2026-03-26T19:57:52.098Z",
    "dateReserved": "2026-03-23T17:39:23.925Z",
    "datePublished": "2026-03-26T19:28:25.096Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck",
        "dateUpdated": "2026-03-26T19:28:25.096Z"
      },
      "datePublic": "2021-01-08T00:00:00.000Z",
      "title": "Ruckus AP CLI Arbitrary File Read Allows Authenticated Remote File Access",
      "descriptions": [
        {
          "lang": "en",
          "value": "Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line interface that allows authenticated remote attackers with administrative privileges to read arbitrary files from the underlying filesystem. Attackers can exploit this vulnerability to access sensitive information including configuration files, credentials, and system data stored on the device."
        }
      ],
      "affected": [
        {
          "vendor": "Ruckus Wireless",
          "product": "RUCKUS Access Point",
          "defaultStatus": "unaffected",
          "versions": [
            {
              "version": "0",
              "status": "affected",
              "versionType": "semver"
            }
          ]
        },
        {
          "vendor": "Ruckus",
          "product": "RUCKUS Unleashed",
          "defaultStatus": "affected",
          "versions": [
            {
              "version": "0",
              "status": "affected",
              "versionType": "semver"
            }
          ]
        },
        {
          "vendor": "Ruckus",
          "product": "SmartZone 100 (SZ-100) (EOL)",
          "defaultStatus": "affected",
          "versions": [
            {
              "version": "0",
              "status": "affected",
              "versionType": "semver"
            }
          ]
        },
        {
          "vendor": "Ruckus",
          "product": "SmartZone 100-D (SZ100-D) (EOL)",
          "defaultStatus": "affected",
          "versions": [
            {
              "version": "0",
              "status": "affected",
              "versionType": "semver"
            }
          ]
        },
        {
          "vendor": "Ruckus",
          "product": "SmartZone 144 (SZ-144)",
          "defaultStatus": "affected",
          "versions": [
            {
              "version": "0",
              "status": "affected",
              "versionType": "semver"
            }
          ]
        },
        {
          "vendor": "Ruckus",
          "product": "SmartZone 144-Dataplane (SZ144-D)",
          "defaultStatus": "affected",
          "versions": [
            {
              "version": "0",
              "status": "affected",
              "versionType": "semver"
            }
          ]
        },
        {
          "vendor": "Ruckus",
          "product": "SmartZone 300 (SZ300) (EOL)",
          "defaultStatus": "affected",
          "versions": [
            {
              "version": "0",
              "status": "affected",
              "versionType": "semver"
            }
          ]
        },
        {
          "vendor": "Ruckus",
          "product": "ZoneDirector 1200 (EOL)",
          "defaultStatus": "affected",
          "versions": [
            {
              "version": "0",
              "status": "affected",
              "versionType": "semver"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-552 Files or Directories Accessible to External Parties",
              "cweId": "CWE-552",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://support.ruckuswireless.com/security_bulletins/306",
          "name": "Ruckus Security Bulletin 20210108",
          "tags": [
            "vendor-advisory"
          ]
        },
        {
          "url": "https://www.vulncheck.com/advisories/ruckus-ap-cli-arbitrary-file-read-allows-authenticated-remote-file-access",
          "tags": [
            "third-party-advisory"
          ]
        }
      ],
      "metrics": [
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ],
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "HIGH",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM"
          }
        }
      ]
    },
    "adp": [
      {
        "providerMetadata": {
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP",
          "dateUpdated": "2026-03-26T19:57:52.098Z"
        },
        "title": "CISA ADP Vulnrichment",
        "metrics": [
          {}
        ]
      }
    ]
  }
}