Enterprise wireless hotspots from Ruckus can be trivially crashed and their login systems bypassed, Tripwire researchers warn.
Tripwire followed up a 2014 study into the insecurity of Ruckus routers with a new investigation into the vendor's enterprise-focused wireless routers.
Three blunders involving an authentication bypass, a denial-of-service weakness, and an information disclosure flaw were discovered during an audit of the widely used Ruckus H500 access point:
Authentication bypass: All requests to the router's web-based user interface containing a particular string received "200 OK" responses.
By creatively adding this string to other requests, it was possible to get back webpages from the user interface intended only for authenticated users.
Denial of service: There is a particular page accessible over HTTP without authentication that, when requested over SSL, causes the management interface to become unavailable.