The Ruckus Wireless Admin panel contains a significant remote code execution (RCE) vulnerability that is being actively exploited by a recently identified DDoS botnet, according to a warning from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Although this flaw (CVE-2023-25717) was patched in early February, many owners probably haven’t yet updated their Wi-Fi access points. No patch is available for affected end-of-life models.
Attackers are exploiting the flaw with unauthenticated HTTP GET requests to infect susceptible Wi-Fi APs with the AndoryuBot malware, which was discovered in February 2023. The malware supports 12 DDoS attack types: tcp-raw, tcp-socket, tcp-cnc, tcp-handshake, udp-plain, udp-game, udp-ovh, udp-raw, udp-vse, udp-dstat, udp-bypass, and icmp-echo.