CVE-2023-49225

MEDIUM EPSS 33.2%
Published Dec 7, 2023 (2y ago) · Modified Jun 17, 2026 (2w ago)
6.1 CVSS 3.1
Medium

Description

A cross-site scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). If this vulnerability is exploited, an arbitrary script may be executed in the web browser of a user who is logging in to the product. For the affected products, models and versions, see the information provided by the vendor listed under the [References] section or the list under the [Product Status] section.

CVSS Details

Base Score: 6.1
Exploitability: 2.8
Impact: 2.7
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

Threat Intelligence

EPSS Exploit Probability: 33.2% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 76

| Vendor | Product | Version | Range |
|---|---|---|---|
| ruckuswireless | r750_firmware | * | ≤114.0.0.0.6565 |
| ruckuswireless | r750 | * | any |
| ruckuswireless | r650_firmware | * | ≤114.0.0.0.6565 |
| ruckuswireless | r650 | * | any |
| ruckuswireless | r730_firmware | * | ≤114.0.0.0.6565 |
| ruckuswireless | r730 | * | any |
| ruckuswireless | t750_firmware | * | ≤114.0.0.0.6565 |
| ruckuswireless | t750 | * | any |
| ruckuswireless | r510_firmware | * | ≤114.0.0.0.6565 |
| ruckuswireless | r510 | * | any |
| ruckuswireless | e510_firmware | * | ≤114.0.0.0.6565 |
| ruckuswireless | e510 | * | any |
| ruckuswireless | c110_firmware | * | ≤114.0.0.0.6565 |
| ruckuswireless | c110 | * | any |
| ruckuswireless | r320_firmware | * | ≤114.0.0.0.6565 |
| ruckuswireless | r320 | * | any |
| ruckuswireless | h510_firmware | * | ≤114.0.0.0.6565 |
| ruckuswireless | h510 | * | any |
| ruckuswireless | h320_firmware | * | ≤114.0.0.0.6565 |
| ruckuswireless | h320 | * | any |
| ruckuswireless | t305_firmware | * | ≤114.0.0.0.6565 |
| ruckuswireless | t305 | * | any |
| ruckuswireless | m510_firmware | * | ≤114.0.0.0.6565 |
| ruckuswireless | m510 | * | any |
| ruckuswireless | r720_firmware | * | ≤114.0.0.0.6565 |
| ruckuswireless | r720 | * | any |
| ruckuswireless | r710_firmware | * | ≤114.0.0.0.6565 |
| ruckuswireless | r710 | * | any |
| ruckuswireless | t710_firmware | * | ≤114.0.0.0.6565 |
| ruckuswireless | t710 | * | any |
| ruckuswireless | t610_firmware | * | ≤114.0.0.0.6565 |
| ruckuswireless | t610 | * | any |
| ruckuswireless | r610_firmware | * | ≤114.0.0.0.6565 |
| ruckuswireless | r610 | * | any |
| ruckuswireless | t310d_firmware | * | ≤114.0.0.0.6565 |
| ruckuswireless | t310d | * | any |
| ruckuswireless | t310s_firmware | * | ≤114.0.0.0.6565 |
| ruckuswireless | t310s | * | any |
| ruckuswireless | t310n_firmware | * | ≤114.0.0.0.6565 |
| ruckuswireless | t310n | * | any |
| ruckuswireless | t310c_firmware | * | ≤114.0.0.0.6565 |
| ruckuswireless | t310c | * | any |
| ruckuswireless | t710s_firmware | * | ≤114.0.0.0.6565 |
| ruckuswireless | t710s | * | any |
| ruckuswireless | t610s_firmware | * | ≤114.0.0.0.6565 |
| ruckuswireless | t610s | * | any |
| ruckuswireless | r550_firmware | * | ≤114.0.0.0.5585 |
| ruckuswireless | r550 | * | any |
| ruckuswireless | r850_firmware | * | ≤114.0.0.0.5585 |
| ruckuswireless | r850 | * | any |
| ruckuswireless | t750se_firmware | * | ≤114.0.0.0.5585 |
| ruckuswireless | t750se | * | any |
| ruckuswireless | r310_firmware | * | ≤110.0.0.0.2014 |
| ruckuswireless | r310 | * | any |
| ruckuswireless | r760_firmware | * | ≤118.1.0.0.1274 |
| ruckuswireless | r760 | * | any |
| ruckuswireless | r760_firmware | * | ≤118.1.0.0.1274 |
| ruckuswireless | r760 | * | any |
| ruckuswireless | r560_firmware | * | ≤118.1.0.0.1908 |
| ruckuswireless | r560 | * | any |
| ruckuswireless | h550_firmware | * | ≤116.0.0.0.1506 |
| ruckuswireless | h550 | * | any |
| ruckuswireless | h350_firmware | * | ≤116.0.0.0.3128 |
| ruckuswireless | h350 | * | any |
| ruckuswireless | t350c_firmware | * | ≤116.0.0.0.1543 |
| ruckuswireless | t350c | * | any |
| ruckuswireless | t350d_firmware | * | ≤116.0.0.0.1543 |
| ruckuswireless | t350d | * | any |
| ruckuswireless | t350se_firmware | * | ≤116.0.0.0.3136 |
| ruckuswireless | t350se | * | any |
| ruckuswireless | r350_firmware | * | ≤116.0.0.0.1655 |
| ruckuswireless | r350 | * | any |
| ruckuswireless | smartzone_firmware | * | ≤6.1.1 |
| commscope | ruckus_smartzone | * | any |
| ruckuswireless | zonedirector_firmware | * | ≤10.5.1 |
| ruckuswireless | zonedirector | * | any |

References 2

  • jvn.jp: https://jvn.jp/en/jp/JVN45891816/
    Third Party Advisory
  • support.ruckuswireless.com: https://support.ruckuswireless.com/security_bulletins/323
    Patch, Vendor Advisory

Remediation