FortiGuard Labs has recently observed a spike in our detection for the Ruckus Wireless Admin RCE vulnerability (CVE-2023-25717). Ruckus Wireless Admin version 10.4 and earlier are vulnerable affecting multiple Ruckus wireless Access Point (AP) devices. Successful exploitation could result in total compromise of the vulnerable devices.Why is this Significant?This is significant because Fortinet telemetry indicates the Ruckus Wireless Admin RCE Vulnerability (CVE-2023-25717) is being exploited in the wild, potentially resulting in attackers taking control of the vulnerable Ruckus wireless AP devices. Also, Proof-of-Concept (PoC) code is publicly available. As such, a patch should be applied as soon as possible.What is CVE-2023-25717?CVE-2023-25717 is a Remote Code Execution vulnerability that affects Ruckus Wireless Admin version 10.4 and earlier. The advisory published by Ruckus lists multiple wireless Access Point (AP) devices that are susceptible to the vulnerability. Successful exploitation could result in total compromise of the vulnerable devices.The vulnerability is due to improper handling of a crafted HTTP request. A remote authenticated attacker could exploit the vulnerability by sending crafted HTTP requests to the target server. Successful exploitation could result in total compromise of the affected devices. The vulnerability has a CVSS base score of 9.8.Has the Vendor Released an Advisory for CVE-2023-25717?Yes. Please refer to the Appendix for a link to “Security Bulletin 20230208”.Has the Vendor Released a Patch for CVE-2023-25717?Yes, a vendor patch is available.Which Ruckus Devices are Vulnerable to CVE-2023-25717?The list of affected devices is available in the vendor advisory. Please refer to the Appendix for a link to “Security Bulletin 20230208”.What is the Status of the Protection?FortiGuard Labs released the following IPS signature in version 23.531 for CVE-2023-25717:Ruckus.Wireless.Admin.Remote.Code.Execution (default action is set to “pass”)
More Stories
CyberDanube Security Research 20241219-0 | Authenticated Remote Code Execution in Ewon Flexy 205
Posted by Thomas Weber | CyberDanube via Fulldisclosure on Dec 21 CyberDanube Security Research 20241219-0 ------------------------------------------------------------------------------- title| Authenticated Remote Code...
USN-7179-1: Linux kernel vulnerabilities
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote...
USN-7173-2: Linux kernel vulnerabilities
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to...
swiftlint-0.57.1-1.fc42
FEDORA-2024-87d30b4fbf Packages in this update: swiftlint-0.57.1-1.fc42 Update description: Automatic update for swiftlint-0.57.1-1.fc42. Changelog * Fri Dec 20 2024 Davide Cavalca...
USN-7166-3: Linux kernel (HWE) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...
USN-7159-4: Linux kernel (IoT) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...