CVE-2025-67304
Received Received - Intake
Hardcoded Credentials in Ruckus RND PostgreSQL Enable Remote Code Execution

Publication date: 2026-02-19

Last updated on: 2026-04-03

Assigner: MITRE

Description
In Ruckus Network Director (RND) < 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded credentials to authenticate remotely, gaining superuser access to the database. This allows creation of administrative users for the web interface, extraction of password hashes, and execution of arbitrary OS commands.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-19
Last Modified
2026-04-03
Generated
2026-06-16
AI Q&A
2026-02-19
EPSS Evaluated
2026-06-15
NVD
CVE-2025-67304
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
commscope ruckus_network_director to 4.5.0.56 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Ruckus Network Director (RND) versions prior to 4.5.0.54. The OVA appliance includes hardcoded credentials for the PostgreSQL database user named 'ruckus'. Because the PostgreSQL service is accessible over the network on TCP port 5432 by default, an attacker can remotely use these hardcoded credentials to authenticate.

Once authenticated, the attacker gains superuser access to the database, which enables them to create administrative users for the web interface, extract password hashes, and execute arbitrary operating system commands.

Impact Analysis

This vulnerability can have severe impacts including unauthorized administrative access to the Ruckus Network Director web interface, exposure of sensitive password hashes, and the ability for an attacker to execute arbitrary commands on the underlying operating system.

Such access could lead to full compromise of the network management system, potential disruption of network services, data theft, and further lateral movement within the affected environment.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by checking for the presence of the PostgreSQL service running on TCP port 5432 on Ruckus Network Director (RND) appliances with versions less than 4.5.0.54. Since the PostgreSQL service is accessible over the network, you can scan your network for open port 5432 on devices running RND.

  • Use a network scanning tool such as nmap to detect open PostgreSQL ports: nmap -p 5432 <target-ip>
  • Attempt to connect to the PostgreSQL service using the known hardcoded credentials to verify vulnerability: psql -h <target-ip> -p 5432 -U ruckus

Successful authentication with the hardcoded credentials indicates the system is vulnerable.

Mitigation Strategies

Immediate mitigation steps include restricting network access to the PostgreSQL service on TCP port 5432 to trusted hosts only, preventing remote attackers from connecting.

Additionally, upgrade Ruckus Network Director to version 4.5.0.54 or later where this vulnerability is fixed.

If upgrading immediately is not possible, consider changing the default PostgreSQL credentials and disabling remote access to the database service.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-67304. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart