Critical Ruckus RCE flaw exploited by new DDoS botnet malware

A new malware botnet named ‘AndoryuBot’ is targeting a critical-severity flaw in the Ruckus Wireless Admin panel to infect unpatched Wi-Fi access points for use in DDoS attacks.

Tracked as CVE-2023-25717, the flaw impacts all Ruckus Wireless Admin panels version 10.4 and older, allowing remote attackers to perform code execution by sending unauthenticated HTTP GET requests to vulnerable devices.

The botnet malware aims to enlist vulnerable devices to its DDoS swarm that it operates for profit.

The malware will receive commands from the command and control server that tell it the DDoS type, the target IP address, and the port number to attack.

The malware’s operators rent their firepower to other cybercriminals who want to launch DDoS attacks, accepting cryptocurrency payments for their services.

To prevent botnet malware infections, apply available firmware updates, use strong device administrator passwords, and disable remote admin panel access if not needed.

Share this article on social media:

Subscribe to Our Newsletter!

Stay on top of cybersecurity risks, evolving threats and industry news.

This field is for validation purposes and should be left unchanged.

Recent News

Featured Services

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

BOOK A MEETING

Enter your Email Address

This field is for validation purposes and should be left unchanged.

* No free email provider (e.g: gmail.com, hotmail.com, etc.)

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.