Ruckus Networks vRIoT IoT Controller vulnerabilities
2 known vulnerabilities affecting ruckus_networks/vriot_iot_controller.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2
Vulnerabilities
CVE-2025-69425 | P2 | CRITICAL | CVSS 10.0 | CWE-306 | 2026-01-09
Affected versions: ≥ 2.3.0.0 (GA), < 3.0.0.0 (GA); ≥ 2.3.1.0 (MR), < 3.0.0.0 (GA); +1 more
The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password (TOTP) secret and an embedded static token. An attacker who extracts these credentials from the appliance or a co
Source: NVD
CVE-2025-69426 | P2 | CRITICAL | CVSS 10.0 | CWE-732 | 2026-01-09
Affected versions: ≥ 2.3.0.0 (GA), < 3.0.0.0 (GA); ≥ 2.3.1.0 (MR), < 3.0.0.0 (GA); +1 more
The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY allocation, an attacker can authenticate using the ha
Source: NVD