689 matches found
CVE-2025-67304
In Ruckus Network Director RND 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded credentials to authenticate...
CVE-2025-67304
In Ruckus Network Director (RND) versions prior to 4.5.0.54, the OVA appliance ships with hardcoded credentials for the PostgreSQL database user. By default, PostgreSQL is exposed over the network on TCP port 5432, enabling remote authentication with these credentials. The resulting access grants...
CVE-2025-67304
In Ruckus Network Director RND 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded credentials to authenticate...
CVE-2025-67305
In RUCKUS Network Director RND 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network access to authenticate via SSH without a password. Once authenticated, the attacker can access the...
RUCKUS Network Director 安全漏洞
Ruckus Network Director is a wireless network monitoring software developed by Ruckus Corporation. Versions of Ruckus Network Director prior to 4.5.0.54 contained security vulnerabilities. These vulnerabilities stemmed from the OVA devices having hardcoded PostgreSQL database user credentials,...
CVE-2025-67305
In RUCKUS Network Director RND 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network access to authenticate via SSH without a password. Once authenticated, the attacker can access the...
CVE-2025-67304
In Ruckus Network Director RND 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded credentials to authenticate...
PT-2026-20926
Name of the Vulnerable Software and Affected Versions RUCKUS Network Director versions prior to 4.5.0.56 Description RUCKUS Network Director RND OVA appliances include hardcoded SSH keys for the postgres user. These keys are consistent across all deployments. An attacker with network access can u...
CVE-2025-67305
Affected software: RUCKUS Network Director (RND) OVA appliances prior to 4.5.0.56. Vulnerability: hardcoded SSH keys for the postgres user are identical across deployments, enabling network-authenticated SSH without a password. Impact (as stated): attacker can access the PostgreSQL database with ...
RUCKUS Network Director 安全漏洞
RUCKUS Network Director is a wireless network monitoring software developed by RUCKUS Corporation. Versions of RUCKUS Network Director prior to 4.5.0.56 contained security vulnerabilities. These vulnerabilities stemmed from the OVA devices having hardcoded SSH keys, which could allow unauthorized...
📄 Ruckus Unleashed 200.13.6.1.319 XSS Scanner
This is a testing script to validate whether or not a Ruckus Unleashed system is vulnerable to the cross site scripting vulnerability in version 200.13.6.1.319...
CVE-2025-69425
The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password TOTP secret and an embedded static token. An attacker who...
CVE-2025-69425
The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password TOTP secret and an embedded static token. An attacker who...
CVE-2025-69426
The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY...
CVE-2025-69426 Ruckus vRIoT IoT Controller < 3.0.0.0 Hardcoded SSH Credentials RCE
The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY...
CVE-2025-69426 Ruckus vRIoT IoT Controller < 3.0.0.0 Hardcoded SSH Credentials RCE
The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY...
CVE-2025-69426
The CVE-2025-69426 issue affects Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0. An initialization script contains hardcoded OS user credentials, enabling authentication even though SCP and pseudo-TTY are disabled. The SSH service is network-accessible without IP-based restriction...
CVE-2025-69425 Ruckus vRIoT IoT Controller < 3.0.0.0 Hardcoded Tokens RCE
The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password TOTP secret and an embedded static token. An attacker who...
CVE-2025-69425
The CVE-2025-69425 entry affects Ruckus vRIoT IoT Controller firmware before 3.0.0.0 (GA). A command execution service on TCP port 2004 runs with root privileges, authenticated by a hardcoded TOTP secret and an embedded static token. Exploitation requires credential extraction from the appliance ...
CVE-2023-25717
Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?loginusername=admin=password$curl substring...