CVE-2019-19840
Description
A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruckus Unleashed through 200.7.10.102.64 allows remote code execution via an unauthenticated HTTP request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A stack-based buffer overflow in the zap binary's zap_parse_args function in Ruckus Unleashed firmware up to 200.7.10.102.64 allows unauthenticated remote code execution via HTTP.
Vulnerability
A stack-based buffer overflow exists in the zap_parse_args function in zap.c of the zap binary in Ruckus Unleashed firmware through version 200.7.10.102.64. The function parses arguments taken from an HTTP request that requires no authentication; an over-long argument overruns a fixed-size stack buffer, corrupts adjacent stack data, and gives the attacker control of execution flow. [1][3]
Exploitation
An attacker needs no authentication or prior access to the device. By sending a crafted HTTP request to the vulnerable zap process, the attacker can trigger the stack-based buffer overflow in zap_parse_args. The request does not require any user interaction or special network position beyond network reachability to the affected access point's web interface. [1][2]
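The bug class described above, as an added example: a hypothetical reconstruction of an argument parser that copies a request-supplied parameter value into a fixed-size stack buffer, shown beside a hardened form. This is illustrative code written for this page, not zap.c or any Ruckus source; the names parse_args_vulnerable, parse_args_hardened, ARG_MAX and the "cmd=..." query string are all assumptions, and the over-long input is constructed inline.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical reconstruction of the bug class (example code, not zap.c):
 * an argument parser that copies an attacker-supplied HTTP parameter value
 * into a fixed-size stack buffer. All names and sizes are assumptions. */

#define ARG_MAX 32   /* assumed size of the on-stack argument buffer */

/* Vulnerable pattern. The value after '=' comes straight from the request
 * and is copied with no bound, so a value of ARG_MAX bytes or more runs off
 * the end of `value` into the saved frame (stack-based buffer overflow). */
int parse_args_vulnerable(const char *query)
{
    char value[ARG_MAX];
    const char *eq = strchr(query, '=');
    if (eq == NULL)
        return -1;                     /* malformed: no key=value */
    strcpy(value, eq + 1);             /* BUG: unbounded copy of attacker data */
    return (int)strlen(value);
}

/* Hardened form. The caller passes the destination size, the length is
 * checked before any byte is copied, and over-long input is rejected rather
 * than silently truncated (truncation can create a different bug downstream). */
int parse_args_hardened(const char *query, char *out, size_t outlen)
{
    if (query == NULL || out == NULL || outlen == 0)
        return -1;
    const char *eq = strchr(query, '=');
    if (eq == NULL)
        return -1;                     /* malformed: no key=value */
    size_t vlen = strlen(eq + 1);
    if (vlen >= outlen)
        return -2;                     /* reject: value + NUL would not fit */
    memcpy(out, eq + 1, vlen + 1);     /* copy value and terminating NUL */
    return (int)vlen;
}

/* Constructed sample input: a query string whose value is `value_len`
 * bytes of 'A', i.e. what an over-long request parameter looks like. */
static char query_buf[256];
const char *make_query(size_t value_len)
{
    if (value_len > sizeof(query_buf) - sizeof("cmd="))
        value_len = sizeof(query_buf) - sizeof("cmd=");
    memcpy(query_buf, "cmd=", 4);
    memset(query_buf + 4, 'A', value_len);
    query_buf[4 + value_len] = '\0';
    return query_buf;
}

/* Wrapper so the hardened parser's verdict is a plain return value. */
int hardened_result(const char *query)
{
    char out[ARG_MAX];
    return parse_args_hardened(query, out, sizeof out);
}

int main(void)
{
    char out[ARG_MAX];

    /* Well-formed, short request: both parsers behave. */
    printf("vulnerable(cmd=ping) -> %d\n", parse_args_vulnerable("cmd=ping"));
    printf("hardened(cmd=ping)   -> %d (%s)\n",
           parse_args_hardened("cmd=ping", out, sizeof out), out);

    /* Over-long value: the hardened parser refuses it. The vulnerable parser
     * is deliberately NOT called on this input, because it would smash the stack. */
    const char *evil = make_query(100);
    printf("hardened(100 x 'A')  -> %d\n",
           parse_args_hardened(evil, out, sizeof out));
    return 0;
}
```

The fix is the length check before the copy, not a switch to strncpy: a parser that truncates silently still accepts the attacker's input, and the caller has no signal that anything was wrong. Rejecting and returning an error is what lets the HTTP handler drop the request.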
Impact
Successful exploitation gives an unauthenticated remote attacker code execution on the access point with root privileges, because the zap process runs as root. That is full control of the device: changing its configuration, reading the data it handles, and using it as a foothold to pivot into the rest of the network. [1][3]
Mitigation
The cited references do not link a patch that addresses this CVE on its own. The vendor advisory for this family of Unleashed vulnerabilities recommends upgrading to firmware 200.7.10.103.16 or later. Where an upgrade is not possible, restrict HTTP access to the management interface to trusted management networks, since the vulnerable request needs only network reachability and no credentials. This CVE is currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. [1][2]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Ruckus/Unleashed
- Range: <=200.7.10.102.64
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- alephsecurity.com/2020/01/14/ruckus-wireless (MISC)
- fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html (MISC)
- www.ruckuswireless.com/security/299/view/txt (MISC)
News mentions
No linked articles in our index yet.