Ruckus vRIoT IoT Controller Hardcoded SSH Credentials Leading to Remote Code Execution
Vulnerability
A remote code execution vulnerability exists in Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA). The vulnerability arises from hardcoded SSH credentials for an operating system user account, embedded within an initialization script. The SSH service is accessible over the network without IP-based restrictions. While the configuration disables SCP and pseudo-TTY allocation, an attacker can use the hardcoded credentials to authenticate and establish SSH local port forwarding to access the Docker socket. This access allows the attacker to mount the host filesystem via Docker, escape the container, and execute arbitrary operating system commands as root on the underlying vRIoT controller, resulting in complete system compromise.
Impact
Exploitation of this vulnerability allows for unauthorized access to the system via SSH, with the ability to execute arbitrary commands as the root user, leading to a full compromise of the device.
Remediation
Users are advised to upgrade to Ruckus IoT Controller version 3.0.0.0 (GA) or later.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.