Ruckus vRioT IoT Controller - Authentication Bypass

Short Info

Level

Critical

Single Scan

Can be used by

Asset Owner

Estimated Time

10 seconds

Time Interval

1 week 17 hours

Scan only one

Domain, Subdomain, IPv4

Toolbox

-

Ruckus vRioT through 1.5.1.0.21 contains an API backdoor caused by a hardcoded token in validate_token.py,letting unauthenticated attackers interact with the API without authentication.

References:

https://adepts.of0x.cc/ruckus-vriot-rce/
https://adepts.of0x.cc
https://twitter.com/TheXC3LL
https://x-c3ll.github.io
https://github.com/alphaSeclab/sec-daily-2020
https://nvd.nist.gov/vuln/detail/CVE-2020-26879

Get started to protecting your digital assets

Start trial See the plans

Ruckus vRioT IoT Controller - Authentication Bypass

Short Info

-

Detail

Category