Ruckus Networks Issues Security Advisory for Critical RCE Vulnerability in Access Points
Ruckus APs running specific software versions are vulnerable to unauthenticated remote code execution attacks.
Ruckus Networks has issued a security advisory warning of a critical remote code execution vulnerability affecting several of its access point (AP) products. The vulnerability, identified internally by Ruckus, allows unauthenticated attackers to execute arbitrary code on vulnerable devices via the SSH interface.
The vulnerability stems from inadequate input sanitization, which can be exploited by attackers to inject and execute malicious code. Ruckus has not yet identified any instances of this vulnerability being exploited in the wild.
Affected Products and Remediation
The following Ruckus AP products running the specified software versions are affected:
- SmartZone: 5.1 through 5.2.1
- AP Solo: 112.1.0.0.504 through 114.0.0.1294
- ZD: 10.3 and 10.4
- Unleashed: 200.8
Ruckus urges all affected customers to update their AP software to the latest versions as soon as possible to address this critical vulnerability. The advisory provides specific software versions and release dates for each affected product.
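To turn the list above into a patching queue, the following added example (not part of the Ruckus advisory or any Ruckus tooling) checks an inventory against the listed ranges. It assumes that a longer build string such as 5.2.1.3.1000 belongs to the release named by its leading components, and that "10.3", "10.4" and "200.8" cover every build of those releases. The host names and inventory rows are constructed.

```python
# Affected ranges copied from the list above, as (lowest, highest) per product.
AFFECTED = {
    "SmartZone": [("5.1", "5.2.1")],
    "AP Solo": [("112.1.0.0.504", "114.0.0.1294")],
    "ZD": [("10.3", "10.4")],
    "Unleashed": [("200.8", "200.8")],
}

def parse(version):
    """Split a dotted version into a tuple of ints; ValueError if malformed."""
    parts = version.strip().split(".")
    if any(not p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p) for p in parts)

def is_affected(product, version):
    """True if version falls in a listed range for product (prefix match, assumed)."""
    v = parse(version)
    for low, high in AFFECTED[product]:
        lo, hi = parse(low), parse(high)
        # Truncate to each bound's length so extra build components still match.
        if lo <= v[:len(lo)] and v[:len(hi)] <= hi:
            return True
    return False

def triage(inventory):
    """Map each host to a status; unreadable versions go to manual review."""
    results = {}
    for host, product, version in inventory:
        if product not in AFFECTED:
            results[host] = "product-not-in-advisory"
            continue
        try:
            hit = is_affected(product, version)
        except ValueError:
            results[host] = "manual-review"
            continue
        # "outside-listed-range" only means the advisory list does not name it.
        results[host] = "affected" if hit else "outside-listed-range"
    return results

# Constructed sample inventory: (host, product, firmware version).
INVENTORY = [
    ("sz-core-1", "SmartZone", "5.2.1.3.1000"),
    ("ap-lobby", "AP Solo", "114.0.0.1295"),
    ("zd-branch", "ZD", "10.4.1.0.200"),
    ("unl-shop", "Unleashed", "200.8.10.3.243"),
    ("ap-lab", "AP Solo", "unknown"),
]

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:10} {status}")
```

Hosts reported as manual-review have a version string the script could not parse and should be checked by hand against the official advisory.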
No Workarounds Available
There are no workarounds available for this vulnerability. Updating to the latest software version is the only way to remediate the issue.
Recommendations
- Update AP Software: Immediately update all affected Ruckus APs to the latest software versions.
- Monitor Network Activity: Closely monitor network activity for any suspicious behavior.
- Review Security Practices: Review and strengthen overall network security practices, including access controls and intrusion detection systems.
Ruckus customers are encouraged to consult the official security advisory for detailed information and further guidance on mitigating this vulnerability.