Chaos Communication Congress

Don't Ruck Us Too Hard - Owning Ruckus AP Devices (36x92)

Data di messa in onda: Dic 28, 2019

(3 different RCE vulnerabilities on Ruckus Wireless access points devices.) Ruckus Networks is a company selling wired and wireless networking equipment and software. This talk presents vulnerability research conducted on Ruckus access points and WiFi controllers, which resulted in 3 different pre-authentication remote code execution. Exploitation used various vulnerabilities such as information leak, authentication bypass, command injection, path traversal, stack overflow, and arbitrary file read/write. Throughout the research, 33 different access points firmware examined, and all of them were found vulnerable. This talk also introduces and shares the framework used in this research. That includes a Ghidra script and a dockerized QEMU full system emulation for easy cross-architecture research setup. Here's a fun fact: BlackHat USA 2019 used Ruckus Networks access points.