Ruckus RCE vulnerability exploits in the wild

May 10, 2023

A critical vulnerability in Ruckus Wireless Admin panels was fixed on February 8, 2023.
Following the fix, exploitation of the vulnerability by a botnet named ‘AndoryuBot’, along with remote code execution, has been observed.

The Critical Vulnerability

  • CVE-2023-25717 (CVSS 3.1: 9.1, Critical): a vulnerability in Ruckus Wireless Admin panels that allows remote attackers to perform code execution by sending unauthenticated HTTP GET requests to vulnerable devices.

Affected Products

  • All Ruckus Wireless Admin panels, version 10.4 and older.

Mitigation

CYREBRO recommends that those who use the vulnerable products apply the available patches in order to prevent botnet malware infection.

References: SAP Advisory
