Gal Zror


Talk Title:

Don't Ruck Us Too Hard - Owning All of Ruckus AP devices


Ruckus Networks is a company selling wired and wireless networking equipment and software. This talk will present vulnerability research conducted on Ruckus access points and controllers which resulted in MULTIPLE pre-auth RCE 0-days. Exploitation used various of vulnerabilities such as: information leak, authentication bypass, command injection, Jailbreak, stack overflow and arbitrary file read/write. Throughout the research 33 different access points and 2 controllers firmware were examined and ALL of them were found vulnerable. This talk will also introduce and share the framework used in this research. It includes Ghidra scripts and a dockerized full system QEMU emulation for different architectures.

Here’s a fun fact, Ruckus’s devices were used by BlackHat USA.


Gal Zror is a research team leader in Aleph Research group at HCL AppScan which based in Heyzliya Israel. Gal has extensive experience with vulnerability research and specialized in embedded systems and protocols. Gal is also an amateur boxer and a tiki culture enthusiastic.

Copyright © 2019-20 | Nullcon India | International Security Conference | All Rights Reserved