Vriot Iot Controller
Approved changes feed: RSS · Atom
cpe:2.3:a:ruckus_networks:vriot_iot_controller:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Ruckus Networks (f170aeb4-8a59-5fad-8dd9-0a77cd70b7f0) |
|---|---|
| Product | Vriot Iot Controller (90ebe6f3-4a37-559e-8348-446a6d338ae2) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-69426 |
vulnerable | 2026-06-03 15:12:25.962927 |
Ruckus vRIoT IoT Controller < 3.0.0.0 Hardcoded SSH Credentials RCE
The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY allocation, an attacker can authenticate using the hardcoded credentials and establish SSH local port forwarding to access the Docker socket. By mounting the host filesystem via Docker, an attacker can escape the container and execute arbitrary OS commands as root on the underlying vRIoT controller, resulting in complete system compromise.
Published: 2026-01-09T16:15:01.731Z
Updated: 2026-05-14T02:08:54.950Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-69425 |
vulnerable | 2026-06-03 15:12:25.962501 |
Ruckus vRIoT IoT Controller < 3.0.0.0 Hardcoded Tokens RCE
The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password (TOTP) secret and an embedded static token. An attacker who extracts these credentials from the appliance or a compromised device can generate valid authentication tokens and execute arbitrary OS commands with root privileges, resulting in complete system compromise.
Published: 2026-01-09T16:14:32.065Z
Updated: 2026-05-14T02:08:54.076Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.