CVE-2025-67304

Name of the Vulnerable Software and Affected Versions Ruckus Network Director versions prior to 4.5.0.54

Description Ruckus Network Director (RND) contains hardcoded credentials for the PostgreSQL database user. By default, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use these credentials to authenticate remotely, gaining superuser access to the database. This access allows for the creation of administrative users for the web interface, extraction of password hashes, and execution of arbitrary OS commands.

Recommendations Update Ruckus Network Director to version 4.5.0.54 or later.