9.8
RUCKUS Network Director OVA appliance: hardcoded SSH keys exposed
CVE-2025-67305
Summary
RUCKUS Network Director (RND) versions before 4.5.0.56 ship the same hardcoded SSH key for the postgres user in every OVA installation. An attacker with network access can authenticate via SSH without a password, access the PostgreSQL database with superuser privileges, and potentially take control of the system. Upgrade to version 4.5.0.56 or later to fix this issue.
Original title
In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network ...
Original description
In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network access to authenticate via SSH without a password. Once authenticated, the attacker can access the PostgreSQL database with superuser privileges, create administrative users for the web interface, and potentially escalate privileges further.
NVD CVSS 3.1
9.8
Vulnerability type
CWE-321
Use of Hard-coded Cryptographic Key
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026