9.8

CVE-2025-67304

Exploit

EPSS 0.14%
Veröffentlicht 19.02.2026 00:00:00
Zuletzt bearbeitet 03.04.2026 11:33:50
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In Ruckus Network Director (RND) < 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded credentials to authenticate remotely, gaining superuser access to the database. This allows creation of administrative users for the web interface, extraction of password hashes, and execution of arbitrary OS commands.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Commscope ≫ Ruckus Network Director Version < 4.5.0.56

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.329

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://webresources.commscope.com/download/assets/RUCKUS+Network+Director%3A+Critical+Security+Bypass+Vulnerability+Leading+to+Remote+Code+Execution+and/3adeb3acb69211f08a46b6532db37357

Vendor Advisory

https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-009-ruckus-nd-hardcoded-postgresql-credentials-rce.md

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-67304

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-67304

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-67304

EUVD