Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ruckus vRIoT IoT Controller < 3.0.0.0 Hardcoded Tokens RCE
Vulnerability Description
The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password (TOTP) secret and an embedded static token. An attacker who extracts these credentials from the appliance or a compromised device can generate valid authentication tokens and execute arbitrary OS commands with root privileges, resulting in complete system compromise.
CVSS Information
N/A
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Ruckus vRIoT IoT Controller 信任管理问题漏洞
Vulnerability Description
Ruckus vRIoT IoT Controller是美国Ruckus公司的一个虚拟无线物联网控制器。 Ruckus vRIoT IoT Controller 3.0.0.0之前版本存在信任管理问题漏洞,该漏洞源于硬编码凭据,可能导致执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A