Info Security Magazine10 May 2023
New Botnet Campaign Exploits Ruckus Wireless Flaw
Tracked CVE-2023-25717, the flaw was recently exploited by the AndoryuBot botnet, says Fortinet
Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can perform cross-site request forgery (CSRF) or remote code execution (RCE). This vulnerability impacts Ruckus ZoneDirector, SmartZone, and Solo APs.
Ruckus Wireless ยท Multiple Products
Known ransomware use: Unknown
Follow the source advisory and validate exposure in your environment.
Apply updates per vendor instructions or disconnect product if it is end-of-life.
Recent reporting that mentions CVE-2023-25717.
Tracked CVE-2023-25717, the flaw was recently exploited by the AndoryuBot botnet, says Fortinet