CVE-2020-26878 Ruckus vRioT RCE
Virsec Security Research Lab Vulnerability Analysis
The Virsec Security Research Lab provides detailed analysis on recent and notable security vulnerabilities.
Ruckus through 184.108.40.206.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as root user via web.py.
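The advisory describes the classic command-injection shape: a field from an authenticated API request is spliced into a shell command that the service runs as root. The following is an added illustration, not code from Ruckus vRIoT or from the Virsec report. It assumes a hypothetical `createUser` handler that wraps `useradd`; the user names, the payloads and the request-log lines are constructed. It shows the vulnerable string-building pattern beside the hardened form (allow-list validation, an argv list that never touches a shell, and `shlex.quote` where a shell string is unavoidable), plus a small triage check over request logs for shell metacharacters in the `createUser` parameter.

```python
import re
import shlex

# Constructed sample inputs (not taken from the advisory).
BENIGN = "alice"
MALICIOUS = "alice; id"   # shell metacharacter followed by a second command

# Allow-list for a POSIX-style user name: a strict character set and length cap.
USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")

# Characters that give a shell something to parse beyond a single word.
SHELL_META = re.compile(r"[;&|`$<>\n]")


def build_command_vulnerable(username: str) -> str:
    """The pattern the advisory describes: untrusted API input interpolated into
    a shell command string. Anything after ';', '|', '&&', '$(...)' becomes a
    second command, executed with the privileges of the web process (root here)."""
    return f"useradd -m {username}"


def validate_username(username: str) -> str:
    """Allow-list validation. Rejecting anything outside the expected character
    set is the first line of defence; it also gives you a clean audit event."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError(f"rejected user name: {username!r}")
    return username


def build_command_hardened(username: str):
    """Return an argv list for subprocess.run(argv, shell=False). Each element
    reaches the program as one literal argument; no shell parses it, so
    metacharacters carry no meaning even if validation were bypassed."""
    return ["useradd", "-m", validate_username(username)]


def shell_safe_string(argv) -> str:
    """Defence in depth for the cases where a shell string cannot be avoided
    (for example a command sent over ssh): quote every argument so the shell
    treats it as exactly one word."""
    return " ".join(shlex.quote(arg) for arg in argv)


# Constructed request-log lines (hypothetical format, not real vRIoT logs).
SAMPLE_LOG = [
    "POST /service/v1/createUser user=alice",
    "POST /service/v1/createUser user=bob; id",
    "POST /service/v1/listUsers",
    "POST /service/v1/createUser user=$(whoami)",
]


def find_injection_attempts(lines):
    """Triage helper: return the createUser parameter values that contain
    shell metacharacters. Cheap enough to run over access logs when hunting
    for attempts against an unpatched controller."""
    hits = []
    for line in lines:
        if "/service/v1/createUser" not in line:
            continue
        _, _, value = line.partition(" user=")
        if value and SHELL_META.search(value):
            hits.append(value)
    return hits


if __name__ == "__main__":
    print("vulnerable:", build_command_vulnerable(MALICIOUS))
    print("hardened:  ", build_command_hardened(BENIGN))
    print("quoted:    ", shell_safe_string(["useradd", "-m", MALICIOUS]))
    print("log hits:  ", find_injection_attempts(SAMPLE_LOG))
```

The hardened path only reduces the injection surface; the impact described in the advisory (commands running as root) also calls for running the web process under a dedicated low-privilege account and granting it only the specific administrative actions it needs.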
The CVSS Base Score is 8.8 (High).
Ruckus IoT 220.127.116.11.21 (GA) vRIoT Server Software Release
Reported by Adepts of 0xCC.
Every day more people are turning their homes into “Smart Homes,” so we are developing an immeasurable desire to find vulnerabilities in components that manage IoT devices in some way. We discovered the “Ruckus IoT Suite” and wanted to hunt for some vulnerabilities. We focused on Ruckus IoT Controller (Ruckus vRIoT), which is a virtual component of the “IoT Suite” in charge of integrating IoT devices and IoT services via exposed APIs.
This software is provided as a VM in OVA format (Ruckus IoT 18.104.22.168.21 (GA) vRIoT Server Software Release), so it can be run by VMware and VirtualBox. This is a good way of obtaining and analyzing the software, as it serves as a testing platform.
An exploit is publicly available here. Ruckus Wireless, which was acquired by ARRIS International plc, has a large market share in the wireless and IoT space. This vulnerability could allow an attacker to run malware on a smart building system, compromising the security of the building.
Virsec Security Platform (VSP) Support
Virsec Security Platform (VSP)-Host monitors spawned processes that are not part of a whitelisted set. Any attempt to execute a new command or an unknown binary, such as the root-level commands injected through this API, is denied by VSP-Host's process monitoring capability.