Update Ruckus Router Firmware to Fix Serious Vulnerabilities
Security researchers have identified a number of vulnerabilities in Ruckus APs and routers. Typically, they all affect the user interface of the router, allowing an attacker to log in as an administrator regardless of your password and still control your router from afar.
And when that happens, HCL Technologies’ Gal Zror told TechCrunch , your router is a great candidate for all kinds of malicious activity. An attacker could use your hardware as part of a massive botnet to launch distributed denial of service attacks against other websites, or they could simply hijack your browsing experience and provide you with fake pages to phish your account credentials when you try to visit. regular sites.
Since Ruckus routers are primarily for businesses and not home, this situation could get worse – not that it would be great if someone fed you phishing sites instead of lifehacker-dot-com in your home, but at least least you are not making your living. t potentially affected. And in this case, only you should deal with troubleshooting; An attacker using a vulnerable Ruckus router or access point from the company’s Unleashed line could affect employees throughout the office. And this only increases the likelihood of problems.
Ruckus has patched these vulnerabilities in various firmware updates, but all affected routers require manual updates. If you’re the network administrator for your small business, you should already know what to do. If not, or you’re not sure if your friendly IT manager has seen the news, it wouldn’t hurt to stop by and say hello this morning. They will want to make sure your business’s Unleashed APs have at least firmware version 200.7.10.202.92 installed, and they can quickly get any updates they need from here .
Given the simplicity of attacks – one can be launched with a single line of code – I’d make sure they know sooner rather than later if you happen to find out that your office or business is using Ruckus hardware. (We hope you are using company devices with SmartZone or Cloud support, which are not affected.)