CVE-2025-69426

UNKNOWN 0.0

Ruckus vRIoT IoT Controller < 3.0.0.0 Hardcoded SSH Credentials RCE

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

7th

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY allocation, an attacker can authenticate using the hardcoded credentials and establish SSH local port forwarding to access the Docker socket. By mounting the host filesystem via Docker, an attacker can escape the container and execute arbitrary OS commands as root on the underlying vRIoT controller, resulting in complete system compromise.

CWE	CWE-732 CWE-798
Vendor	ruckus networks
Product	vriot iot controller
Published	Jan 9, 2026
Last Updated	May 14, 2026

Stay Ahead of the Next One

Get instant alerts for ruckus networks vriot iot controller

Be the first to know when new unknown vulnerabilities affecting ruckus networks vriot iot controller are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

RUCKUS Networks / vRIoT IOT Controller

2.3.0.0 (GA) < 3.0.0.0 (GA) 2.3.1.0 (MR) < 3.0.0.0 (GA) 2.4.0.0 (GA) < 3.0.0.0 (GA)

References

NVD ↗ CVE.org ↗ EPSS Data ↗

support.ruckuswireless.com: https://support.ruckuswireless.com/security_bulletins/336 vulncheck.com: https://www.vulncheck.com/advisories/ruckus-vriot-iot-controller-hardcoded-ssh-credentials-rce

Credits

Ivan Racic