Network Director
by Ruckus
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-67305 | Cri | 0.64 | 9.8 | 0.00 | Feb 19, 2026 | In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network access to authenticate via SSH without a password. Once authenticated, the attacker can access the PostgreSQL database with superuser privileges, create administrative users for the web interface, and potentially escalate privileges further. | ||
| CVE-2025-67304 | Cri | 0.64 | 9.8 | 0.00 | Feb 19, 2026 | In Ruckus Network Director (RND) < 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded credentials to authenticate remotely, gaining superuser access to the database. This allows creation of administrative users for the web interface, extraction of password hashes, and execution of arbitrary OS commands. | ||
| CVE-2025-44955 | 0.00 | — | 0.00 | Aug 4, 2025 | RUCKUS Network Director (RND) before 4.5 allows jailed users to obtain root access vis a weak, hardcoded password. | |||
| CVE-2025-44958 | 0.00 | — | 0.00 | Aug 4, 2025 | RUCKUS Network Director (RND) before 4.5 stores passwords in a recoverable format. | |||
| CVE-2025-44963 | 0.00 | — | 0.00 | Aug 4, 2025 | RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key. |
- risk 0.64cvss 9.8epss 0.00
In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network access to authenticate via SSH without a password. Once authenticated, the attacker can access the PostgreSQL database with superuser privileges, create administrative users for the web interface, and potentially escalate privileges further.
- risk 0.64cvss 9.8epss 0.00
In Ruckus Network Director (RND) < 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded credentials to authenticate remotely, gaining superuser access to the database. This allows creation of administrative users for the web interface, extraction of password hashes, and execution of arbitrary OS commands.
- CVE-2025-44955Aug 4, 2025risk 0.00cvss —epss 0.00
RUCKUS Network Director (RND) before 4.5 allows jailed users to obtain root access vis a weak, hardcoded password.
- CVE-2025-44958Aug 4, 2025risk 0.00cvss —epss 0.00
RUCKUS Network Director (RND) before 4.5 stores passwords in a recoverable format.
- CVE-2025-44963Aug 4, 2025risk 0.00cvss —epss 0.00
RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key.