Chaos Communication Congress / Season 36 / Episode 92

Don't Ruck Us Too Hard - Owning Ruckus AP Devices

(3 different RCE vulnerabilities in Ruckus Wireless access point devices.) Ruckus Networks is a company selling wired and wireless networking equipment and software. This talk presents vulnerability research conducted on Ruckus access points and WiFi controllers, which resulted in 3 different pre-authentication remote code execution vulnerabilities. Exploitation used various vulnerabilities such as information leak, authentication bypass, command injection, path traversal, stack overflow, and arbitrary file read/write. Throughout the research, 33 different access point firmware images were examined, and all of them were found vulnerable. This talk also introduces and shares the framework used in this research, which includes a Ghidra script and a dockerized QEMU full system emulation for easy cross-architecture research setup. Here's a fun fact: BlackHat USA 2019 used Ruckus Networks access points.

English
  • Originally Aired December 28, 2019
  • Runtime 60 minutes
  • Production Code 10816
  • Created December 28, 2019 by Administrator admin
  • Modified December 28, 2019 by Administrator admin