Lucene search
+L

689 matches found

NVD
NVD
added 2026/02/19 8:25 p.m.7 views

CVE-2025-67304

In Ruckus Network Director RND 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded credentials to authenticate...

9.8CVSS0.00481EPSS
Exploits1References2
CVE
CVE
added 2026/02/19 12:0 a.m.13 views

CVE-2025-67304

In Ruckus Network Director (RND) versions prior to 4.5.0.54, the OVA appliance ships with hardcoded credentials for the PostgreSQL database user. By default, PostgreSQL is exposed over the network on TCP port 5432, enabling remote authentication with these credentials. The resulting access grants...

9.8CVSS6AI score0.00481EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/02/19 12:0 a.m.26 views

CVE-2025-67304

In Ruckus Network Director RND 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded credentials to authenticate...

0.00481EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/19 12:0 a.m.23 views

CVE-2025-67305

In RUCKUS Network Director RND 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network access to authenticate via SSH without a password. Once authenticated, the attacker can access the...

0.00494EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.8 views

RUCKUS Network Director 安全漏洞

Ruckus Network Director is a wireless network monitoring software developed by Ruckus Corporation. Versions of Ruckus Network Director prior to 4.5.0.54 contained security vulnerabilities. These vulnerabilities stemmed from the OVA devices having hardcoded PostgreSQL database user credentials,...

9.8CVSS5.8AI score0.00481EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/19 12:0 a.m.3 views

CVE-2025-67305

In RUCKUS Network Director RND 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network access to authenticate via SSH without a password. Once authenticated, the attacker can access the...

5.4AI score0.00494EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/19 12:0 a.m.3 views

CVE-2025-67304

In Ruckus Network Director RND 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded credentials to authenticate...

5.8AI score0.00481EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.13 views

PT-2026-20926

Name of the Vulnerable Software and Affected Versions RUCKUS Network Director versions prior to 4.5.0.56 Description RUCKUS Network Director RND OVA appliances include hardcoded SSH keys for the postgres user. These keys are consistent across all deployments. An attacker with network access can u...

9.8CVSS5.3AI score0.00494EPSS
Exploits1References5
CVE
CVE
added 2026/02/19 12:0 a.m.20 views

CVE-2025-67305

Affected software: RUCKUS Network Director (RND) OVA appliances prior to 4.5.0.56. Vulnerability: hardcoded SSH keys for the postgres user are identical across deployments, enabling network-authenticated SSH without a password. Impact (as stated): attacker can access the PostgreSQL database with ...

9.8CVSS5.5AI score0.00494EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.9 views

RUCKUS Network Director 安全漏洞

RUCKUS Network Director is a wireless network monitoring software developed by RUCKUS Corporation. Versions of RUCKUS Network Director prior to 4.5.0.56 contained security vulnerabilities. These vulnerabilities stemmed from the OVA devices having hardcoded SSH keys, which could allow unauthorized...

9.8CVSS5.8AI score0.00494EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2026/02/18 12:0 a.m.157 views

📄 Ruckus Unleashed 200.13.6.1.319 XSS Scanner

This is a testing script to validate whether or not a Ruckus Unleashed system is vulnerable to the cross site scripting vulnerability in version 200.13.6.1.319...

6.1CVSS5AI score0.00196EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.8 views

CVE-2025-69425

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password TOTP secret and an embedded static token. An attacker who...

10CVSS8.1AI score0.00701EPSS
Exploits0References1
NVD
NVD
added 2026/01/09 5:15 p.m.6 views

CVE-2025-69425

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password TOTP secret and an embedded static token. An attacker who...

10CVSS0.00701EPSS
Exploits0References2
NVD
NVD
added 2026/01/09 5:15 p.m.6 views

CVE-2025-69426

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY...

10CVSS0.00387EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/09 4:15 p.m.7 views

CVE-2025-69426 Ruckus vRIoT IoT Controller < 3.0.0.0 Hardcoded SSH Credentials RCE

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY...

10CVSS7AI score0.00387EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/09 4:15 p.m.25 views

CVE-2025-69426 Ruckus vRIoT IoT Controller < 3.0.0.0 Hardcoded SSH Credentials RCE

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY...

10CVSS0.00387EPSS
Exploits0References2
CVE
CVE
added 2026/01/09 4:15 p.m.15 views

CVE-2025-69426

The CVE-2025-69426 issue affects Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0. An initialization script contains hardcoded OS user credentials, enabling authentication even though SCP and pseudo-TTY are disabled. The SSH service is network-accessible without IP-based restriction...

10CVSS7AI score0.00387EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/09 4:14 p.m.22 views

CVE-2025-69425 Ruckus vRIoT IoT Controller < 3.0.0.0 Hardcoded Tokens RCE

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password TOTP secret and an embedded static token. An attacker who...

10CVSS0.00701EPSS
Exploits0References2
CVE
CVE
added 2026/01/09 4:14 p.m.22 views

CVE-2025-69425

The CVE-2025-69425 entry affects Ruckus vRIoT IoT Controller firmware before 3.0.0.0 (GA). A command execution service on TCP port 2004 runs with root privileges, authenticated by a hardcoded TOTP secret and an embedded static token. Exploitation requires credential extraction from the appliance ...

10CVSS7.7AI score0.00701EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:41 p.m.15 views

CVE-2023-25717

Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?loginusername=admin=password$curl substring...

9.8CVSS7.9AI score0.95326EPSS
Exploits1References1
Rows per page
Query Builder