PT-2026-1953 · Ruckus · Ruckus Vriot Iot Controller
Ivan Racic
·
Publicado
2026-01-09
·
Atualizado
2026-01-09
·
CVE-2025-69426
CVSS v4.0
10
Crítica
| Vetor | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Ruckus vRIoT IoT Controller versions prior to 3.0.0.0
Description
The Ruckus vRIoT IoT Controller firmware contains hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. While SCP and pseudo-TTY allocation are disabled, an attacker can authenticate using the hardcoded credentials and establish SSH local port forwarding to access the Docker socket. By mounting the host filesystem via Docker, an attacker can escape the container and execute arbitrary OS commands as root on the underlying vRIoT controller, leading to complete system compromise.
Recommendations
Update to version 3.0.0.0 or later.
Correção
RCE
Using Hardcoded Credentials
Incorrect Permission
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Ruckus Vriot Iot Controller