CVE-2025-69426

CRITICAL

Ruckus vRIoT IoT Controller <3.0.0.0 - Privilege Escalation

Title source: llm

Description

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY allocation, an attacker can authenticate using the hardcoded credentials and establish SSH local port forwarding to access the Docker socket. By mounting the host filesystem via Docker, an attacker can escape the container and execute arbitrary OS commands as root on the underlying vRIoT controller, resulting in complete system compromise.

References (2)

[Various Sources] https://support.ruckuswireless.com/security_bulletins/336

[Third Party Advisory] https://www.vulncheck.com/advisories/ruckus-vriot-iot-controller-hardcoded-ssh-credentials-rce

Scores

CVSS v4 10.0

EPSS 0.0002

EPSS Percentile 5.4%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-732 CWE-798

Status published

Products (3)

RUCKUS Networks/vRIoT IOT Controller 2.3.0.0 (GA) - 3.0.0.0 (GA)

RUCKUS Networks/vRIoT IOT Controller 2.3.1.0 (MR) - 3.0.0.0 (GA)

RUCKUS Networks/vRIoT IOT Controller 2.4.0.0 (GA) - 3.0.0.0 (GA)

Published Jan 09, 2026

Tracked Since Feb 18, 2026