In Ruckus Network Director (RND) < 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded credentials to authenticate remotely, gaining superuser access to the database. This allows creation of administrative users for the web interface, extraction of password hashes, and execution of arbitrary OS commands.
The vulnerability results from the presence of hardcoded credentials (CWE-798) embedded in the device's OVA image. An attacker can remotely authenticate to the PostgreSQL service using these credentials, obtaining superuser privileges on the database. With such privileges, it is possible to create administrative accounts in the web interface, extract password hashes, and execute arbitrary system commands at the operating system level.
Attacker gains full access to the database with superuser privileges, leading to takeover of administrator accounts, leakage of authentication credentials, and execution of arbitrary OS commands (RCE) on the server.
Ruckus Network Director should be updated to version 4.5.0.54 or newer. Until the patch is deployed, it is recommended to block network access to TCP port 5432 (PostgreSQL) at the firewall or network rules level, restricting access only to authorized hosts.
Commscope Ruckus Network Director (RND) in versions below 4.5.0.54, deployed as an OVA appliance image with default configuration (PostgreSQL accessible on TCP port 5432)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCommscope Ruckus Network Director
APPCommscope< 4.5.0.56
Related vulnerabilities
Hardcoded SSH keys w Commscope RUCKUS Network Director (RCE)
Command injection w RUCKUS SmartZone przez pole adresu IP
Hardcodowany klucz JWT w Commscope Ruckus Network Director — spoofing administratora
RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an A...
RUCKUS Network Director (RND) before 4.5 allows jailed users to obtain root access vis a weak, hardcoded passw...