Unpatched Ruckus Vulnerabilities Allow Wireless Environment Hacking

Multiple critical vulnerabilities have been identified in Ruckus Wireless Virtual SmartZone and Network Director products, which could allow attackers to perform remote code execution and gain administrator privileges. These flaws include security bypasses, hardcoded secrets, and default keys, posing a significant risk to managed networks in diverse environments like hospitals and smart cities.

Key Points

  • Several vulnerabilities in Ruckus Virtual SmartZone (vSZ) and Network Director (RND) could lead to remote code execution and privilege escalation.
  • Hardcoded secrets, including API keys, JWT tokens, and RSA keys, significantly weaken the security posture of these products.
  • Attackers can bypass authentication and access high-privilege functions using HTTP headers and valid API keys.
  • Default SSH keys and weak encryption algorithms further threaten the integrity and confidentiality of managed environments.
  • No patches have been released, so users are advised to restrict access and isolate affected systems.

Read More: https://www.securityweek.com/unpatched-ruckus-vulnerabilities-allow-wireless-environment-hacking/