Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Ruckus Network Director (RND) Stored Database Credentials Exposed
CVE-2025-67304
Summary
The Ruckus Network Director uses a default database username and password that can be accessed remotely, potentially allowing an attacker to gain full control of the database and the web interface. This is a serious issue because an attacker could use this access to create new administrators, steal passwords, or execute malicious commands. To protect your system, update to version 4.5.0.54 or later.
Original title
In Ruckus Network Director (RND) < 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is access...
Original description
In Ruckus Network Director (RND) < 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded credentials to authenticate remotely, gaining superuser access to the database. This allows creation of administrative users for the web interface, extraction of password hashes, and execution of arbitrary OS commands.
nvd CVSS3.1
9.8
Vulnerability type
CWE-798
Use of Hard-coded Credentials
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026