Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with ../../../bin/sh as the parameter.
https://www.ruckuswireless.com/security/299/view/txt
https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html