CRITICAL🇵🇱 Wersja polska

CVE-2025-67305

CVSS 9.8v3.1pub. 2026-02-19upd. 2026-04-03

In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network access to authenticate via SSH without a password. Once authenticated, the attacker can access the PostgreSQL database with superuser privileges, create administrative users for the web interface, and potentially escalate privileges further.

🤖 AI Analysis
How it works

The OVA appliance supplied with the product contains static, immutable SSH keys assigned to the postgres user account. Since these same keys are embedded in all RND installations, any attacker with network access to the device can authenticate via SSH without entering a password. After gaining access, the attacker has superuser privileges to the PostgreSQL database, allowing creation of administrative accounts in the web interface and further privilege escalation.

Impact

An unauthenticated attacker can gain full control over the PostgreSQL database with superuser privileges, create web interface administrator accounts, and escalate privileges in the system, leading to complete device takeover and potential RCE.

Mitigation & patch

Update RUCKUS Network Director to version 4.5.0.56 or later. Detailed information is available in Commscope's official security bulletin. Until the patch is deployed, it is recommended to restrict network access to the device's SSH ports only to trusted administrative hosts using a firewall or ACL lists.

Who is affected

Commscope RUCKUS Network Director (RND) in versions earlier than 4.5.0.56, deployed as an OVA appliance.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Commscope Ruckus Network Director

    APP
    Commscope
    < 4.5.0.56
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2025-67304CRITICAL9.8PL ✓ten sam produkt

Hardcoded credentials w Ruckus Network Director — dostęp do PostgreSQL i RCE

CVE-2025-44961CRITICAL9.9PL ✓ten sam produkt

Command injection w RUCKUS SmartZone przez pole adresu IP

CVE-2025-44963CRITICAL9.0PL ✓ten sam produkt

Hardcodowany klucz JWT w Commscope Ruckus Network Director — spoofing administratora

CVE-2025-44960HIGH8.5ten sam produkt

RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an A...

CVE-2025-44955HIGH8.8ten sam produkt

RUCKUS Network Director (RND) before 4.5 allows jailed users to obtain root access vis a weak, hardcoded passw...