Critical Vulnerabilities Impact Ruckus Wi-Fi Routers

Multiple critical vulnerabilities in Ruckus Wi-Fi routers used throughout the world were disclosed at the 36th Chaos Communication Congress in Leipzig, Germany, held from December 27-30, 2019.
Although the devices examined were from the Ruckus Unleashed stable, Zror told SecurityWeek, "I believe the same issues will affect the Ruckus regular routers and other Ruckus devices. Without pre-authentication," he continued, "I can run my own code on those devices. The implication is that I can upload my own malware into the router, and manipulate all the router activity, as I wish. From there I can access any other network, including the corporate network, that may be connected or may also use Ruckus devices."
Ruckus told SecurityWeek, "Once upgraded to the latest version, these access points will be protected against recently discovered vulnerabilities that could allow an attacker to gain unauthenticated access to ZoneDirector and Unleashed APs, as well as ZoneDirector controllers running off older firmware. As with any product, Ruckus will continue to release periodic firmware updates for its access points, including those running off ZoneDirector and Unleashed."
These vulnerabilities pose numerous threats that, given the popularity of Ruckus devices, could potentially affect many thousands of users.
"The first one, for example, is simple to execute." By introducing custom malware, it would be easy to take down all the Ruckus routers or access points at a specific location.