CSRF in login.asp on Ruckus devices allows an attacker to access the panel, and use SSRF to perform scraping or other analysis via the SUBCA-1 field on the Wireless Admin screen.

Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Name field.

A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices allows remote attackers to access the panel or conduct SSRF attacks.

Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat${IFS} substring.