CVE-2023-49225

A cross-site-scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in the product. As for the affected products/models/versions, see the information provided by the vendor listed under [References] section or the list under [Product Status] section.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
jpcertCNA
---
---
CVEADP
---
---
CISA-ADPADP
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
VendorProductVersion
ruckuswirelessr750_firmware
𝑥
≤ 114.0.0.0.6565
ruckuswirelessr650_firmware
𝑥
≤ 114.0.0.0.6565
ruckuswirelessr730_firmware
𝑥
≤ 114.0.0.0.6565
ruckuswirelesst750_firmware
𝑥
≤ 114.0.0.0.6565
ruckuswirelessr510_firmware
𝑥
≤ 114.0.0.0.6565
ruckuswirelesse510_firmware
𝑥
≤ 114.0.0.0.6565
ruckuswirelessc110_firmware
𝑥
≤ 114.0.0.0.6565
ruckuswirelessr320_firmware
𝑥
≤ 114.0.0.0.6565
ruckuswirelessh510_firmware
𝑥
≤ 114.0.0.0.6565
ruckuswirelessh320_firmware
𝑥
≤ 114.0.0.0.6565
ruckuswirelesst305_firmware
𝑥
≤ 114.0.0.0.6565
ruckuswirelessm510_firmware
𝑥
≤ 114.0.0.0.6565
ruckuswirelessr720_firmware
𝑥
≤ 114.0.0.0.6565
ruckuswirelessr710_firmware
𝑥
≤ 114.0.0.0.6565
ruckuswirelesst710_firmware
𝑥
≤ 114.0.0.0.6565
ruckuswirelesst610_firmware
𝑥
≤ 114.0.0.0.6565
ruckuswirelessr610_firmware
𝑥
≤ 114.0.0.0.6565
ruckuswirelesst310d_firmware
𝑥
≤ 114.0.0.0.6565
ruckuswirelesst310s_firmware
𝑥
≤ 114.0.0.0.6565
ruckuswirelesst310n_firmware
𝑥
≤ 114.0.0.0.6565
ruckuswirelesst310c_firmware
𝑥
≤ 114.0.0.0.6565
ruckuswirelesst710s_firmware
𝑥
≤ 114.0.0.0.6565
ruckuswirelesst610s_firmware
𝑥
≤ 114.0.0.0.6565
ruckuswirelessr550_firmware
𝑥
≤ 114.0.0.0.5585
ruckuswirelessr850_firmware
𝑥
≤ 114.0.0.0.5585
ruckuswirelesst750se_firmware
𝑥
≤ 114.0.0.0.5585
ruckuswirelessr310_firmware
𝑥
≤ 110.0.0.0.2014
ruckuswirelessr760_firmware
𝑥
≤ 118.1.0.0.1274
ruckuswirelessr760_firmware
𝑥
≤ 118.1.0.0.1274
ruckuswirelessr560_firmware
𝑥
≤ 118.1.0.0.1908
ruckuswirelessh550_firmware
𝑥
≤ 116.0.0.0.1506
ruckuswirelessh350_firmware
𝑥
≤ 116.0.0.0.3128
ruckuswirelesst350c_firmware
𝑥
≤ 116.0.0.0.1543
ruckuswirelesst350d_firmware
𝑥
≤ 116.0.0.0.1543
ruckuswirelesst350se_firmware
𝑥
≤ 116.0.0.0.3136
ruckuswirelessr350_firmware
𝑥
≤ 116.0.0.0.1655
ruckuswirelesssmartzone_firmware
𝑥
≤ 6.1.1
ruckuswirelesszonedirector_firmware
𝑥
≤ 10.5.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://jvn.jp/en/jp/JVN45891816/
https://support.ruckuswireless.com/security_bulletins/323
https://jvn.jp/en/jp/JVN45891816/
https://support.ruckuswireless.com/security_bulletins/323