← Zuruck zu CVEs
CVE-2025-69426
N/ABeschreibung
The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY allocation, an attacker can authenticate using the hardcoded credentials and establish SSH local port forwarding to access the Docker socket. By mounting the host filesystem via Docker, an attacker can escape the container and execute arbitrary OS commands as root on the underlying vRIoT controller, resulting in complete system compromise.
CVE Details
CVSS v3.1 BewertungN/A
Veroffentlicht1/9/2026
Zuletzt geandert1/13/2026
Quellenvd
Honeypot-Sichtungen0
Schwachen (CWE)
CWE-732CWE-798
Referenzen
https://support.ruckuswireless.com/security_bulletins/336(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/ruckus-vriot-iot-controller-hardcoded-ssh-credentials-rce(disclosure@vulncheck.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.