CRITICAL🇵🇱 Wersja polska

CVE-2025-69425

CVSS 10.0v4.0pub. 2026-01-09upd. 2026-04-15

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password (TOTP) secret and an embedded static token. An attacker who extracts these credentials from the appliance or a compromised device can generate valid authentication tokens and execute arbitrary OS commands with root privileges, resulting in complete system compromise.

🤖 AI Analysis
How it works

The service listening on TCP port 2004 requires authentication based on Time-based One-Time Password (TOTP), however the TOTP secret and static token embedded in the software are identical across all devices (CWE-798 – hardcoded credentials). There is no identity verification mechanism dependent on administrator configuration (CWE-306 – missing authentication for critical function). After extracting this data from firmware or a compromised device, an attacker can independently generate valid authentication tokens and send arbitrary OS commands to the service. The service operates with root privileges, meaning there are no restrictions on the scope of performed operations.

Impact

Attacker gains full control of the device with root privileges, enabling execution of arbitrary operating system commands, configuration modification, installation of backdoors, and further actions within the network (lateral movement).

Mitigation & patch

Update Ruckus vRIoT IoT Controller firmware to version 3.0.0.0 (GA) or newer. Until the patch is deployed, it is recommended to restrict access to TCP port 2004 at the firewall level exclusively to trusted administrative hosts. Details available in the vendor's security bulletin: https://support.ruckuswireless.com/security_bulletins/336

Who is affected

Ruckus vRIoT IoT Controller – firmware versions prior to 3.0.0.0 (GA)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References