CRITICAL🇵🇱 Wersja polska

CVE-2025-69426

CVSS 10.0v4.0pub. 2026-01-09upd. 2026-04-15

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY allocation, an attacker can authenticate using the hardcoded credentials and establish SSH local port forwarding to access the Docker socket. By mounting the host filesystem via Docker, an attacker can escape the container and execute arbitrary OS commands as root on the underlying vRIoT controller, resulting in complete system compromise.

🤖 AI Analysis
How it works

The firmware initialization script contains hardcoded credentials for a system account (CWE-798). The SSH service is available over the network without any IP address-based restrictions. Despite SCP being disabled and pseudo-TTY allocation restrictions, an attacker can authenticate using hardcoded credentials and establish SSH local port forwarding to gain access to the Docker socket. Subsequently, by mounting the host filesystem through Docker, the attacker escapes the container (container escape) and executes arbitrary system commands as root on the vRIoT controller, leading to complete system takeover (CWE-732).

Impact

The attacker gains full control over the device with root privileges, meaning complete system compromise — it is possible to read and modify all data, install backdoors, and perform lateral movement in the IoT network.

Mitigation & patch

The firmware must be updated to version 3.0.0.0 (GA) or newer. Additionally, it is recommended to restrict network access to the SSH service using a firewall or ACL, and to isolate the vRIoT controller from untrusted network segments until the patch is applied.

Who is affected

Ruckus vRIoT IoT Controller — all firmware versions prior to 3.0.0.0 (GA)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Container
CWE
References