3 vulnerabilities by RUCKUS Networks

CVE-2023-7338 (GCVE-0-2023-7338)

Vulnerability from cvelistv5 – Published: 2026-03-26 19:20 – Updated: 2026-03-27 21:55
Title
Ruckus Unleashed Authenticated RCE in Gateway Mode
Summary
Ruckus Unleashed contains a remote code execution vulnerability in the web-based management interface that allows authenticated remote attackers to execute arbitrary code on the system when gateway mode is enabled. Attackers can exploit this vulnerability by sending specially crafted requests through the management interface to achieve arbitrary code execution on affected systems.
CWE
  • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Assigner
Impacted products
Vendor Product Version
Ruckus Networks RUCKUS H350 Affected: unknown (custom)
Ruckus Networks RUCKUS H550 Affected: unknown (custom)
Ruckus Networks RUCKUS R350 Affected: unknown (custom)
Ruckus Networks RUCKUS R550 Affected: unknown (custom)
Ruckus Networks RUCKUS R650 Affected: unknown (custom)
Ruckus Networks RUCKUS R750 Affected: unknown (custom)
Ruckus Networks RUCKUS R850 Affected: unknown (custom)
Ruckus Networks RUCKUS T350c Affected: unknown (custom)
Ruckus Networks RUCKUS T350d Affected: unknown (custom)
Ruckus Networks RUCKUS T350se Affected: unknown (custom)
Ruckus Networks RUCKUS T750 Affected: unknown (custom)
Ruckus Networks RUCKUS T750SE Affected: unknown (custom)
Ruckus Networks RUCKUS Unleashed Affected: unknown (custom)
Ruckus Networks Ruckus C110 Affected: unknown (custom)
Ruckus Networks Ruckus E510 Affected: unknown (custom)
Ruckus Networks Ruckus H320 Affected: unknown (custom)
Ruckus Networks Ruckus H510 Affected: unknown (custom)
Ruckus Networks Ruckus M510-JP Affected: unknown (custom)
Ruckus Networks Ruckus R320 Affected: unknown (custom)
Ruckus Networks Ruckus R510 Affected: unknown (custom)
Ruckus Networks Ruckus R610 Affected: unknown (custom)
Ruckus Networks Ruckus R710 Affected: unknown (custom)
Ruckus Networks Ruckus R720 Affected: unknown (custom)
Ruckus Networks Ruckus T310c Affected: unknown (custom)
Ruckus Networks Ruckus T310d Affected: unknown (custom)
Ruckus Networks Ruckus T310n Affected: unknown (custom)
Ruckus Networks Ruckus T310s Affected: unknown (custom)
Ruckus Networks Ruckus T610 Affected: unknown (custom)
Ruckus Networks Ruckus T710 Affected: unknown (custom)
Ruckus Networks Ruckus T710s Affected: unknown (custom)
Date Public
2023-07-31 00:00

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-7338",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-27T21:55:24.642662Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-27T21:55:37.051Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "RUCKUS H350",
          "vendor": "Ruckus Networks",
          "versions": [
            {
              "status": "affected",
              "version": "unknown",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "RUCKUS H550",
          "vendor": "Ruckus Networks",
          "versions": [
            {
              "status": "affected",
              "version": "unknown",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "RUCKUS R350",
          "vendor": "Ruckus Networks",
          "versions": [
            {
              "status": "affected",
              "version": "unknown",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "RUCKUS R550",
          "vendor": "Ruckus Networks",
          "versions": [
            {
              "status": "affected",
              "version": "unknown",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "RUCKUS R650",
          "vendor": "Ruckus Networks",
          "versions": [
            {
              "status": "affected",
              "version": "unknown",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "RUCKUS R750",
          "vendor": "Ruckus Networks",
          "versions": [
            {
              "status": "affected",
              "version": "unknown",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "RUCKUS R850",
          "vendor": "Ruckus Networks",
          "versions": [
            {
              "status": "affected",
              "version": "unknown",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "RUCKUS T350c",
          "vendor": "Ruckus Networks",
          "versions": [
            {
              "status": "affected",
              "version": "unknown",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "RUCKUS T350d",
          "vendor": "Ruckus Networks",
          "versions": [
            {
              "status": "affected",
              "version": "unknown",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "RUCKUS T350se",
          "vendor": "Ruckus Networks",
          "versions": [
            {
              "status": "affected",
              "version": "unknown",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "RUCKUS T750",
          "vendor": "Ruckus Networks",
          "versions": [
            {
              "status": "affected",
              "version": "unknown",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "RUCKUS T750SE",
          "vendor": "Ruckus Networks",
          "versions": [
            {
              "status": "affected",
              "version": "unknown",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "RUCKUS Unleashed",
          "vendor": "Ruckus Networks",
          "versions": [
            {
              "status": "affected",
              "version": "unknown",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Ruckus C110",
          "vendor": "Ruckus Networks",
          "versions": [
            {
              "status": "affected",
              "version": "unknown",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Ruckus E510",
          "vendor": "Ruckus Networks",
          "versions": [
            {
              "status": "affected",
              "version": "unknown",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Ruckus H320",
          "vendor": "Ruckus Networks",
          "versions": [
            {
              "status": "affected",
              "version": "unknown",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Ruckus H510",
          "vendor": "Ruckus Networks",
          "versions": [
            {
              "status": "affected",
              "version": "unknown",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Ruckus M510-JP",
          "vendor": "Ruckus Networks",
          "versions": [
            {
              "status": "affected",
              "version": "unknown",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Ruckus R320",
          "vendor": "Ruckus Networks",
          "versions": [
            {
              "status": "affected",
              "version": "unknown",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Ruckus R510",
          "vendor": "Ruckus Networks",
          "versions": [
            {
              "status": "affected",
              "version": "unknown",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Ruckus R610",
          "vendor": "Ruckus Networks",
          "versions": [
            {
              "status": "affected",
              "version": "unknown",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Ruckus R710",
          "vendor": "Ruckus Networks",
          "versions": [
            {
              "status": "affected",
              "version": "unknown",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Ruckus R720",
          "vendor": "Ruckus Networks",
          "versions": [
            {
              "status": "affected",
              "version": "unknown",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Ruckus T310c",
          "vendor": "Ruckus Networks",
          "versions": [
            {
              "status": "affected",
              "version": "unknown",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Ruckus T310d",
          "vendor": "Ruckus Networks",
          "versions": [
            {
              "status": "affected",
              "version": "unknown",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Ruckus T310n",
          "vendor": "Ruckus Networks",
          "versions": [
            {
              "status": "affected",
              "version": "unknown",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Ruckus T310s",
          "vendor": "Ruckus Networks",
          "versions": [
            {
              "status": "affected",
              "version": "unknown",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Ruckus T610",
          "vendor": "Ruckus Networks",
          "versions": [
            {
              "status": "affected",
              "version": "unknown",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Ruckus T710",
          "vendor": "Ruckus Networks",
          "versions": [
            {
              "status": "affected",
              "version": "unknown",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Ruckus T710s",
          "vendor": "Ruckus Networks",
          "versions": [
            {
              "status": "affected",
              "version": "unknown",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-07-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eRuckus Unleashed contains a remote code execution vulnerability in the web-based management interface that allows authenticated remote attackers to execute arbitrary code on the system when gateway mode is enabled. Attackers can exploit this vulnerability by sending specially crafted requests through the management interface to achieve arbitrary code execution on affected systems.\u003c/p\u003e"
            }
          ],
          "value": "Ruckus Unleashed contains a remote code execution vulnerability in the web-based management interface that allows authenticated remote attackers to execute arbitrary code on the system when gateway mode is enabled. Attackers can exploit this vulnerability by sending specially crafted requests through the management interface to achieve arbitrary code execution on affected systems."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) (CWE-78)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-26T19:20:53.252Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "Ruckus Security Bulletin 20230731",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://support.ruckuswireless.com/security_bulletins/320"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/ruckus-unleashed-authenticated-rce-in-gateway-mode"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Ruckus Unleashed Authenticated RCE in Gateway Mode",
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2023-7338",
    "datePublished": "2026-03-26T19:20:53.252Z",
    "dateReserved": "2026-03-23T16:18:41.704Z",
    "dateUpdated": "2026-03-27T21:55:37.051Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-69426 (GCVE-0-2025-69426)

Vulnerability from cvelistv5 – Published: 2026-01-09 16:15 – Updated: 2026-01-09 18:37
Title
Ruckus vRIoT IoT Controller < 3.0.0.0 Hardcoded SSH Credentials RCE
Summary
The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY allocation, an attacker can authenticate using the hardcoded credentials and establish SSH local port forwarding to access the Docker socket. By mounting the host filesystem via Docker, an attacker can escape the container and execute arbitrary OS commands as root on the underlying vRIoT controller, resulting in complete system compromise.
CWE
  • CWE-732 - Incorrect Permission Assignment for Critical Resource
  • CWE-798 - Use of Hard-coded Credentials
Assigner
Impacted products
Vendor Product Version
RUCKUS Networks vRIoT IOT Controller Affected: 2.3.0.0 (GA) , < 3.0.0.0 (GA) (semver)
Affected: 2.3.1.0 (MR) , < 3.0.0.0 (GA) (semver)
Affected: 2.4.0.0 (GA) , < 3.0.0.0 (GA) (semver)
Credits
Ivan Racic

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-69426",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-09T17:48:25.580373Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-09T18:37:43.521Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "vRIoT IOT Controller",
          "vendor": "RUCKUS Networks",
          "versions": [
            {
              "lessThan": "3.0.0.0 (GA)",
              "status": "affected",
              "version": "2.3.0.0 (GA)",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.0.0 (GA)",
              "status": "affected",
              "version": "2.3.1.0 (MR)",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.0.0 (GA)",
              "status": "affected",
              "version": "2.4.0.0 (GA)",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ivan Racic"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY allocation, an attacker can authenticate using the hardcoded credentials and establish SSH local port forwarding to access the Docker socket. By mounting the host filesystem via Docker, an attacker can escape the container and execute arbitrary OS commands as root on the underlying vRIoT controller, resulting in complete system compromise.\u003cbr\u003e"
            }
          ],
          "value": "The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY allocation, an attacker can authenticate using the hardcoded credentials and establish SSH local port forwarding to access the Docker socket. By mounting the host filesystem via Docker, an attacker can escape the container and execute arbitrary OS commands as root on the underlying vRIoT controller, resulting in complete system compromise."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-732",
              "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-09T16:15:01.731Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://support.ruckuswireless.com/security_bulletins/336"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/ruckus-vriot-iot-controller-hardcoded-ssh-credentials-rce"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Ruckus vRIoT IoT Controller \u003c 3.0.0.0 Hardcoded SSH Credentials RCE",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2025-69426",
    "datePublished": "2026-01-09T16:15:01.731Z",
    "dateReserved": "2026-01-08T20:48:39.252Z",
    "dateUpdated": "2026-01-09T18:37:43.521Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-69425 (GCVE-0-2025-69425)

Vulnerability from cvelistv5 – Published: 2026-01-09 16:14 – Updated: 2026-01-09 18:37
Title
Ruckus vRIoT IoT Controller < 3.0.0.0 Hardcoded Tokens RCE
Summary
The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password (TOTP) secret and an embedded static token. An attacker who extracts these credentials from the appliance or a compromised device can generate valid authentication tokens and execute arbitrary OS commands with root privileges, resulting in complete system compromise.
CWE
  • CWE-306 - Missing Authentication for Critical Function
  • CWE-798 - Use of Hard-coded Credentials
Assigner
Impacted products
Vendor Product Version
RUCKUS Networks vRIoT IoT Controller Affected: 2.3.0.0 (GA) , < 3.0.0.0 (GA) (semver)
Affected: 2.3.1.0 (MR) , < 3.0.0.0 (GA) (semver)
Affected: 2.4.0.0 (GA) , < 3.0.0.0 (GA) (semver)
Credits
Ivan Racic

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-69425",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-09T17:48:39.859822Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-09T18:37:55.088Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "vRIoT IoT Controller",
          "vendor": "RUCKUS Networks",
          "versions": [
            {
              "lessThan": "3.0.0.0 (GA)",
              "status": "affected",
              "version": "2.3.0.0 (GA)",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.0.0 (GA)",
              "status": "affected",
              "version": "2.3.1.0 (MR)",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.0.0 (GA)",
              "status": "affected",
              "version": "2.4.0.0 (GA)",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ivan Racic"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The Ruckus vRIoT \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIoT Controller\u003c/span\u003e\u0026nbsp;firmware versions prior to 3.0.0.0 (GA) expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password (TOTP) secret and an embedded static token. An attacker who extracts these credentials from the appliance or a compromised device can generate valid authentication tokens and execute arbitrary OS commands with root privileges, resulting in complete system compromise."
            }
          ],
          "value": "The Ruckus vRIoT IoT Controller\u00a0firmware versions prior to 3.0.0.0 (GA) expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password (TOTP) secret and an embedded static token. An attacker who extracts these credentials from the appliance or a compromised device can generate valid authentication tokens and execute arbitrary OS commands with root privileges, resulting in complete system compromise."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-09T16:14:32.065Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://support.ruckuswireless.com/security_bulletins/336"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/ruckus-vriot-iot-controller-hardcoded-tokens-rce"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Ruckus vRIoT IoT Controller \u003c 3.0.0.0 Hardcoded Tokens RCE",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2025-69425",
    "datePublished": "2026-01-09T16:14:32.065Z",
    "dateReserved": "2026-01-08T20:48:39.252Z",
    "dateUpdated": "2026-01-09T18:37:55.088Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}