PT-2026-20922 · Ruckus · Ruckus Network Director

Published

2026-02-19

Updated

2026-02-24

CVE-2025-67304

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ruckus Network Director versions prior to 4.5.0.54

Description Ruckus Network Director (RND) contains hardcoded credentials for the PostgreSQL database user. By default, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use these credentials to authenticate remotely, gaining superuser access to the database. This access allows for the creation of administrative users for the web interface, extraction of password hashes, and execution of arbitrary OS commands.

Recommendations Update Ruckus Network Director to version 4.5.0.54 or later.

Exploit

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2025-67304

Affected Products

Ruckus Network Director

PT-2026-20922 · Ruckus · Ruckus Network Director

CVE-2025-67304

Weakness Enumeration

Related Identifiers

Affected Products

References · 4