Security News > 2023 > May > Critical Ruckus RCE flaw exploited by new DDoS botnet malware
A new malware botnet named 'AndoryuBot' is targeting a critical-severity flaw in the Ruckus Wireless Admin panel to infect unpatched Wi-Fi access points for use in DDoS attacks.
Tracked as CVE-2023-25717, the flaw impacts all Ruckus Wireless Admin panels version 10.4 and older, allowing remote attackers to perform code execution by sending unauthenticated HTTP GET requests to vulnerable devices.
The botnet malware aims to enlist vulnerable devices to its DDoS swarm that it operates for profit.
The malware will receive commands from the command and control server that tell it the DDoS type, the target IP address, and the port number to attack.
The malware's operators rent their firepower to other cybercriminals who want to launch DDoS attacks, accepting cryptocurrency payments for their services.
To prevent botnet malware infections, apply available firmware updates, use strong device administrator passwords, and disable remote admin panel access if not needed.
News URL
Related news
- Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks (source)
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- MikroTik botnet uses misconfigured SPF DNS records to spread malware (source)
- Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation (source)
- Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Devices (source)
- Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet (source)
- Mirai botnet behind the largest DDoS attack to date (source)
- New Aquabotv3 botnet malware targets Mitel command injection flaw (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-13 | CVE-2023-25717 | Code Injection vulnerability in Ruckuswireless Ruckus Wireless Admin, Smartzone and Smartzone AP Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring. | 9.8 |