PT-2026-1953 · Ruckus · Ruckus Vriot Iot Controller
Ivan Racic
·
Published
2026-01-09
·
Updated
2026-01-09
·
CVE-2025-69426
CVSS v4.0
10
Critical
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Ruckus vRIoT IoT Controller versions prior to 3.0.0.0
Description
The Ruckus vRIoT IoT Controller firmware contains hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. While SCP and pseudo-TTY allocation are disabled, an attacker can authenticate using the hardcoded credentials and establish SSH local port forwarding to access the Docker socket. By mounting the host filesystem via Docker, an attacker can escape the container and execute arbitrary OS commands as root on the underlying vRIoT controller, leading to complete system compromise.
Recommendations
Update to version 3.0.0.0 or later.
Fix
RCE
Using Hardcoded Credentials
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ruckus Vriot Iot Controller