On August 8th, Gal Zror from the HCL AppScan Aleph cyber-security team will present a DEF CON session titled “Don’t Ruck Us Again – The Exploit Returns.”

This session will cover Gal’s follow-up research to an initial vulnerability he discovered in Ruckus Wireless’ “ZoneDirector” and “Unleashed” routers, which was presented at the 36th annual Chaos Communication Congress. The researchers examined the firmware of 33 different Ruckus access points, all of which were found to be vulnerable.

Three attack scenarios were discovered:

  1. A web interface credential disclosure and CLI jailbreak to obtain a root shell on the access point.
  2. A stack overflow in the ‘zap’ executable that was made possible by sending an unauthenticated HTTP request to the web interface.
  3. An arbitrary file write using the ‘zap’ executable that can create a new ‘jsp’ page that does not require authentication and is vulnerable to command injection.

“Some of these vulnerabilities are really straightforward,” Zror told SecurityWeek. “The first one, for example, is simple to execute.”

As noted by TechCrunch, if attackers find and take advantage of vulnerabilities in the router’s software, they can control the device and gain access to the wider internal network, exposing computers and other devices to hacks and data theft. Zror explains that because many of the routers are accessible from the internet, they make “very good candidates for botnets.” In a botnet, an attacker forcibly enlists a vulnerable router, or any other internet-connected device, into a distributed network under the attacker's control, which can be collectively told to pummel websites and other networks with massive amounts of junk traffic, knocking them offline. There are “thousands” of vulnerable Ruckus routers on the internet.

Zror’s follow-up research includes six new vulnerabilities, such as command injection, information leakage, credentials overwrite, stack overflow and Cross-Site Scripting (XSS). With these vulnerabilities, he was able to identify two new and different pre-auth Remote Code Execution (RCE) attacks. Combined with his first research, Zror has uncovered five entirely different RCEs in total. He also found that Ruckus did not correctly fix some of the vulnerabilities from the first research, and that they are still exploitable by using a very neat payload.

90% of attacked devices are routers and connected cameras, according to a 2019 Symantec Internet Security Threat Report (ISTR).

Once a router is hacked, your entire business network and anything connected to it is at risk. According to the University of Maryland, malicious hackers are now attacking computers and networks at a rate of one attack every 39 seconds.

Securing wireless endpoints is paramount in reducing cyber-attacks, but the odds are that hackers will gain access, especially given the larger attack surface created by the unique circumstances in 2020. Consider a multi-layered device, DevOps and AppSec approach that includes application security testing measures that minimize the potential risk of OWASP Top 10 vulnerabilities, such as Injection and Cross-Site Scripting (XSS).

You can test-drive HCL AppScan on Cloud here.
