CVE-2020-26879

CRITICAL · EXPLOITED IN THE WILD · NUCLEI

Ruckus vRioT <= 1.5.1.0.21 - Unauthenticated API Backdoor via Hardcoded Authorization Header

Exploitation Summary

CVE-2020-26879 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 1 public exploit. A Nuclei detection template is also available.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2020-26879, targeting Ruckus IoT Controller (Ruckus vRIoT) versions <= 1.5.1.0.21. The exploit leverages command injection and broken authentication to achieve remote code execution (RCE) as root via a crafted HTTP request to the /service/v1/createUser endpoint.

Description

Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header.

Exploits (1)

vulncheck_xdb WORKING POC
remote
https://github.com/beyefendi/exploit

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Ruckus IoT Controller (Ruckus vRIoT) <= 1.5.1.0.21
No auth needed
Prerequisites: network access to target · listener setup for reverse shell
devstral-2 · analyzed Feb 25, 2026

Nuclei Templates (1)

Ruckus vRioT IoT Controller - Authentication Bypass
CRITICAL · VERIFIED · by DhiyaneshDk
Shodan: html:"RIoT Controller"

References (6)

Core References
Third Party Advisory (x_refsource_misc): https://adepts.of0x.cc
Third Party Advisory (x_refsource_misc): https://twitter.com/TheXC3LL
Third Party Advisory (x_refsource_misc): https://x-c3ll.github.io
Vendor Advisory (x_refsource_misc): https://support.ruckuswireless.com/documents
Product, Vendor Advisory (x_refsource_confirm): https://support.ruckuswireless.com/security_bulletins/305
Exploit, Third Party Advisory (x_refsource_misc): https://adepts.of0x.cc/ruckus-vriot-rce/

Scores

CVSS v3 9.8
EPSS 0.4248
EPSS Percentile 98.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2022-06-28
InTheWild.io 2022-07-06
CWE CWE-798
Status published
Products (1)
commscope/ruckus_vriot < 1.5.1.0.21
Published Oct 26, 2020
Tracked Since Feb 18, 2026