XSS in Commscope Ruckus_smartzone
CVE-2023-49225
A cross-site-scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in th…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.004 (33.1th percentile).
CVSS v3 metric
CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.
Affected products
- Commscope Ruckus_smartzone
- Commscope, Inc. Ap Solo C110 — versions 114.0.0.0.6565 and earlier
- Commscope, Inc. Ap Solo E510 — versions 114.0.0.0.6565 and earlier
- Commscope, Inc. Ap Solo H320 — versions 114.0.0.0.6565 and earlier
- Commscope, Inc. Ap Solo H350 — versions 116.0.0.0.3128 and earlier
- Commscope, Inc. Ap Solo H510 — versions 114.0.0.0.6565 and earlier
- Commscope, Inc. Ap Solo H550 — versions 116.0.0.0.1506 and earlier
- Commscope, Inc. Ap Solo M510 — versions 114.0.0.0.6565 and earlier
- Commscope, Inc. Ap Solo R310 — versions 110.0.0.0.2014 and earlier
- Commscope, Inc. Ap Solo R320 — versions 114.0.0.0.6565 and earlier
Weakness classification (CWE)
References
- vultures@jpcert.or.jp (Patch, Vendor Advisory)
- vultures@jpcert.or.jp (Third Party Advisory)
Frequently asked questions
- What is CVE-2023-49225?
- CVE-2023-49225 is a medium-severity vulnerability in Commscope Ruckus_smartzone, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2023-12-07.
- How severe is CVE-2023-49225?
- Medium severity. CVSS v3 base score is 6.1 out of 10.