
On August 8th, Gal Zror from the HCL AppScan Aleph cyber-security team will present a DEF CON session titled “Don’t Ruck Us Again – The Exploit Returns.”

This session will cover Gal’s follow-up research to an initial vulnerability he discovered in Ruckus Wireless’ “ZoneDirector” and “Unleashed” routers, which was presented at the 36th annual Chaos Communication Congress. The researchers examined the firmware of 33 different Ruckus access points, all of which were found to be vulnerable.

Three attack scenarios were discovered:

  1. A web interface credential disclosure and CLI jailbreak to obtain a root shell on the access point.
  2. A stack overflow in the ‘zap’ executable that was made possible by sending an unauthenticated HTTP request to the web interface.
  3. An arbitrary file write using the ‘zap’ executable that can create a new ‘jsp’ page that does not require authentication and is vulnerable to command injection.

“Some of these vulnerabilities are really straightforward,” Zror told SecurityWeek. “The first one, for example, is simple to execute.”

As noted by TechCrunch, if attackers find and take advantage of vulnerabilities in the router’s software, they can control the device and gain access to the wider internal network, exposing computers and other devices to hacks and data theft. Zror explains that because many of the routers are accessible from the internet, they make “very good candidates for botnets.” That’s when an attacker forcibly enlists a vulnerable router — or any other internet-connected device — into its own distributed network, controlled by a malicious actor, which can be collectively told to pummel websites and other networks with massive amounts of junk traffic, knocking them offline. There are “thousands” of vulnerable Ruckus routers on the internet.

Zror’s follow-up research includes six new vulnerabilities, such as command injection, information leakage, credentials overwrite, stack overflow and Cross-Site Scripting (XSS). With these vulnerabilities, he was able to detect two new and different pre-auth Remote Code Execution attacks (RCEs). Combined with his first research, Zror has uncovered five entirely different RCEs in total. He also found that Ruckus did not fix some of the vulnerabilities from the first research correctly, and they are still exploitable by using a very neat payload.

90% of attacked devices are routers and connected cameras, according to a 2019 Symantec Internet Security Threat Report (ISTR).

Once a router is hacked, your entire business network and anything connected to it are at risk. According to the University of Maryland, malicious hackers are now attacking computers and networks at a rate of one attack every 39 seconds.

Securing wireless endpoints is paramount in reducing cyber-attacks, but the odds are that hackers will gain access, especially given the larger attack surface created by the unique circumstances in 2020. Consider a multi-layered device, DevOps and AppSec approach that includes application security testing measures that minimize the potential risk of OWASP Top 10 vulnerabilities, such as Injection and Cross-Site Scripting (XSS).

You can test-drive HCL AppScan on Cloud here.
