<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1462084720533760&amp;ev=PageView&amp;noscript=1">
Vulnerability Report

CVE-2020-26878 Ruckus vRioT RCE

Virsec Security Research Lab Vulnerability Analysis

The Virsec Security Research Lab provides detailed analysis on recent and notable security vulnerabilities.

Vulnerability Summary

Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as root user via web.py.

Watch the video to learn more about this and other important vulnerabilities.

CVSS Score

The CVSS Base Score is 8.8 (High)

Affected Version

Ruckus IoT 1.5.1.0.21 (GA) vRIoT Server Software Release

Vulnerability Attribution

Reported by Adepts of 0xCC.

Risk Impact

Every day more people are turning their homes into “Smart Homes,” so we are developing an immeasurable desire to find vulnerabilities in components that manage IoT devices in some way. We discovered the “Ruckus IoT Suite” and wanted to hunt for some vulnerabilities. We focused on Ruckus IoT Controller (Ruckus vRIoT), which is a virtual component of the “IoT Suite” in charge of integrating IoT devices and IoT services via exposed APIs.

This software is provided as a VM in OVA format (Ruckus IoT 1.5.1.0.21 (GA) vRIoT Server Software Release), so it can be run by VMware and VirtualBox. This is a good way of obtaining and analyzing the software, as it serves as a testing platform.

Exploit is available publicly here. Ruckus wireless which was acquired by ARRIS International plc has large market share in Wireless and IoT space. This vulnerability will have impact of attacker running malware on smart building system which could compromise building security.

Virsec Security Platform (VSP) Support

Virsec security platform (VSP)-Host monitors processes that are spawned which are not part of a set of whitelisted process. Any attempt to execute new command or unknown binary would be denied by VSP-Host’s Process Monitoring capability.

Reference Links

Download the full vulnerability report to learn more about this and other important vulnerabilities.