Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as the root user via web.py.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26878
Reference(s):
- https://support.ruckuswireless.com/security_bulletins/305
- https://adepts.of0x.cc
- https://adepts.of0x.cc/ruckus-vriot-rce/
- https://support.ruckuswireless.com/documents
- https://twitter.com/TheXC3LL