Description

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password (TOTP) secret and an embedded static token. An attacker who extracts these credentials from the appliance or a compromised device can generate valid authentication tokens and execute arbitrary OS commands with root privileges, resulting in complete system compromise.

PUBLISHED | Reserved 2026-01-08 | Published 2026-01-09 | Updated 2026-01-09 | Assigner VulnCheck

CRITICAL: 10.0 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)

Problem types

CWE-306 Missing Authentication for Critical Function

CWE-798 Use of Hard-coded Credentials

Product status

Default status
unaffected

2.3.0.0 (GA) (semver) before 3.0.0.0 (GA)
affected

2.3.1.0 (MR) (semver) before 3.0.0.0 (GA)
affected

2.4.0.0 (GA) (semver) before 3.0.0.0 (GA)
affected

Credits

Ivan Racic (finder)

References

support.ruckuswireless.com/security_bulletins/336 (vendor-advisory, patch)

www.vulncheck.com/...iot-iot-controller-hardcoded-tokens-rce (third-party-advisory)

cve.org (CVE-2025-69425)

nvd.nist.gov (CVE-2025-69425)