Ruckus Wireless Routers Vulnerable to Passwordless Takeover Attacks
- A researcher has discovered three flaws that concern Ruckus Networks Unleashed models.
- The vendor has already fixed the vulnerabilities via firmware updates, but many haven’t applied them yet.
- One of the RCEs is pretty easy to exploit, while the other two require more complex procedures.
As reported by TechCrunch, researcher Gal Zror has discovered three remote code execution flaws that plague various models of ‘Ruckus Networks’ wireless routers (“Unleashed” series). Although the manufacturer has pushed fixing updates already, many thousands of devices remain unpatched still, and thus vulnerable to exploitation. More specifically, the flaws lie in the web user interface software that is used by the Ruckus Unleashed routers that can be exploited without needing the administrator password. The result of a successful attack of this type would be to gain root privileges on the device.
This means that an attacker could gain unauthorized access on the Ruckus router, and then scan the internal network that is served by this router to infiltrate deeper. Also, eavesdropping on the data packets that come and go through the router would also be perfectly possible. The three RCE vulnerabilities that were discovered are qualitatively different, but one of them is pretty easy to exploit. The researcher says one would only need a single line of code to take advantage of the flaw, and unfortunately, he is already seeing this type of targeted scans going on.
Gal Zror presented his exploitation methods during the recent ‘Chaos Communication Congress’ conference in Germany, demonstrating the potential for authentication bypassing, command injection, path traversal, arbitrary file reading and writing, and stack overflow. As the security expert demonstrated, the first RCE requires the deployment of a specially crafted Ghidra script, the second uses a stack overflow vulnerability, and the third is based on a flaw chaining technique.
Ruckus responded to this story by clarifying that all three vulnerabilities have been fixed with the 200.7.10.202.92 software update. Because their routers are configured not to fetch firmware updates automatically, the users will have to do it manually for reasons of safety and better control management. That said, if you are using a Ruckus Unleashed device, make sure that you update its software to the latest available version. Of course, this applies to any router that you may be using, as undiscovered flaws can always lead to network and systems compromise without any stories like the above providing a warning. We informed you about TP-Link router vulnerabilities two weeks ago, and also RCE flaws in many D-Link routers a few months back.
Do you have anything to comment on the above? Share your thoughts with us in the section down below, or on our socials, on Facebook and Twitter.