This is an important security announcement.
A critical vulnerability was found in the web services component in earlier RUCKUS AP software. If the
affected web services component is enabled on the AP, this vulnerability allows an attacker to perform
remote code execution (RCE) and cross-site request forgery (CSRF).
A security bulletin was posted by RUCKUS Networks Security team on 8th Feb 2023. Please refer the same from the below link.
You can also refer our Technical Support Response Center page from the below link. It has more information.
Please be informed, all the impacted devices were already fixed long back. However, if you are running your RUCKUS APs on an impacted version, please refer our Technical Support Response Center page and upgrade your controller/APs to the recommended versions.
While you check and plan to upgrade your devices, we strongly recommend you to implement the workaround first, as this will immediately block the possibility of this security vulnerability.
Workaround: This vulnerability can be mitigated by disabling the web services (HTTP and HTTPS) on the AP. This can be done by using the AP CLI command "set https disable" and "set http disable" command.
Note: For ZoneDirector and SmartZone APs, the web services components are disabled by default, once AP joins the controller.
Some quick facts:
If you got any queries, please use the comment section on this thread.
So we are adviced to upgrade as below;
While ZD1200 has firmware for 10.5.x version how come ZD11XX and ZD30XX series doesn't have?
How we can secure ZD1125, ZD1150 and ZD3050 models then?
As long as AP web (http/https) is disabled, none of your APs are impacted. Please refer the workaround for the EOL devices which cannot be upgraded to the recommended version.
Your security advisory says Solo APs "184.108.40.206.5562 and earlier" are affected.
Although I can reproduce the POC on APs running ZD 10.3 & 10.4 firmware, I can't reproduce on e.g. a zf7982 running Solo 104.0.
Is it only Solo 114.x which is affected, or is it really all previous Solo versions too (in which case I'll try harder to reproduce)?
This is quite important to know, since you're not releasing security fixes for old APs.