CVE-2020-26879 PoC — Ruckus Networks Ruckus vRioT 信任管理问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-26879.yaml

Associated Vulnerability

Title:Ruckus Networks Ruckus vRioT 信任管理问题漏洞 (CVE-2020-26879)
Description:Ruckus Networks Ruckus vRioT是美国Ruckus Networks公司的一个基于蓝牙、ZigBee、LoRa实现端点连接的软件。 Ruckus Networks Ruckus vRioT 1.5.1.0.21 之前版本存在安全漏洞，该漏洞源于Ruckus vRioT有一个API后门，未经身份验证的攻击者可以通过使用后门生成值作为Authorization标头来与服务API进行交互。

Description

Ruckus vRioT through 1.5.1.0.21 contains an API backdoor caused by a hardcoded token in validate_token.py,letting unauthenticated attackers interact with the API without authentication.

File Snapshot


 id: CVE-2020-26879

info:
  name: Ruckus vRioT IoT Controller - Authentication Bypass
  author: Dhiy

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!