Security News > 2023 > May > CISA warns of critical Ruckus bug used to infect Wi-Fi access points
The U.S. Cybersecurity and Infrastructure Security Agency warned today of a critical remote code execution flaw in the Ruckus Wireless Admin panel actively exploited by a recently discovered DDoS botnet.
While this security bug was addressed in early February, many owners are likely yet to patch their Wi-Fi access points.
Attackers are abusing the bug to infect vulnerable Wi-Fi APs with AndoryuBot malware via unauthenticated HTTP GET requests.
Payments for this service are accepted through the CashApp mobile payment service or in various cryptocurrencies, including XMR, BTC, ETH, and USDT. CISA has given U.S. Federal Civilian Executive Branch Agencies a deadline of June 2nd to secure their devices against the critical CVE-2023-25717 RCE bug, which was added to its list of Known Exploited Vulnerabilities on Friday.
While the catalog mainly focuses on U.S. federal agencies, private companies are also strongly advised to prioritize addressing vulnerabilities listed in the KEV list since threat actors actively exploit them, thus exposing public and private organizations to increased risks of security breaches.
CISA also ordered federal agencies on Tuesday to patch a Windows zero-day by May 30th as it allows attackers to elevate privileges to gain SYSTEM user permissions on compromised Windows systems.
News URL
Related news
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)
- CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-13 | CVE-2023-25717 | Code Injection vulnerability in Ruckuswireless Ruckus Wireless Admin, Smartzone and Smartzone AP Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring. | 9.8 |