CVE-2023-49225

MEDIUM | CVSS 6.1/10 | EPSS 0.41%

CVE-2023-49225 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. A cross-site scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). If this vulnerability is exploited, an arbitrary script may be executed in the web browser of a user who is logging in to the product. EPSS estimates a 0.41% chance of exploitation in the next 30 days.

Description

A cross-site scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). If this vulnerability is exploited, an arbitrary script may be executed in the web browser of a user who is logging in to the product. For the affected products, models, and versions, see the vendor information listed under the [References] section or the list under the [Product Status] section.

Metrics

CVSS 3.1
6.1/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Probability
0.41%

33.1th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Ruckuswireless | R750 Firmware | <= 114.0.0.0.6565
Ruckuswireless | R650 Firmware | <= 114.0.0.0.6565
Ruckuswireless | R730 Firmware | <= 114.0.0.0.6565
Ruckuswireless | T750 Firmware | <= 114.0.0.0.6565
Ruckuswireless | R510 Firmware | <= 114.0.0.0.6565
Ruckuswireless | E510 Firmware | <= 114.0.0.0.6565
Ruckuswireless | C110 Firmware | <= 114.0.0.0.6565
Ruckuswireless | R320 Firmware | <= 114.0.0.0.6565
Ruckuswireless | H510 Firmware | <= 114.0.0.0.6565
Ruckuswireless | H320 Firmware | <= 114.0.0.0.6565
Ruckuswireless | T305 Firmware | <= 114.0.0.0.6565
Ruckuswireless | M510 Firmware | <= 114.0.0.0.6565
Ruckuswireless | R720 Firmware | <= 114.0.0.0.6565
Ruckuswireless | R710 Firmware | <= 114.0.0.0.6565
Ruckuswireless | T710 Firmware | <= 114.0.0.0.6565
Ruckuswireless | T610 Firmware | <= 114.0.0.0.6565
Ruckuswireless | R610 Firmware | <= 114.0.0.0.6565
Ruckuswireless | T310d Firmware | <= 114.0.0.0.6565
Ruckuswireless | T310s Firmware | <= 114.0.0.0.6565
Ruckuswireless | T310n Firmware | <= 114.0.0.0.6565
Ruckuswireless | T310c Firmware | <= 114.0.0.0.6565
Ruckuswireless | T710s Firmware | <= 114.0.0.0.6565
Ruckuswireless | T610s Firmware | <= 114.0.0.0.6565
Ruckuswireless | R550 Firmware | <= 114.0.0.0.5585
Ruckuswireless | R850 Firmware | <= 114.0.0.0.5585
Ruckuswireless | T750se Firmware | <= 114.0.0.0.5585
Ruckuswireless | R310 Firmware | <= 110.0.0.0.2014
Ruckuswireless | R760 Firmware | <= 118.1.0.0.1274
Ruckuswireless | R560 Firmware | <= 118.1.0.0.1908
Ruckuswireless | H550 Firmware | <= 116.0.0.0.1506
Ruckuswireless | H350 Firmware | <= 116.0.0.0.3128
Ruckuswireless | T350c Firmware | <= 116.0.0.0.1543
Ruckuswireless | T350d Firmware | <= 116.0.0.0.1543
Ruckuswireless | T350se Firmware | <= 116.0.0.0.3136
Ruckuswireless | R350 Firmware | <= 116.0.0.0.1655
Ruckuswireless | Smartzone Firmware | <= 6.1.1
Ruckuswireless | Zonedirector Firmware | <= 10.5.1

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2023-49225?
A cross-site scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). If this vulnerability is exploited, an arbitrary script may be executed in the web browser of a user who is logging in to the product. For the affected products, models, and versions, see the vendor information listed under the [References] section or the list under the [Product Status] section.
How severe is CVE-2023-49225?
CVE-2023-49225 has a CVSS score of 6.1/10 (MEDIUM severity). The EPSS model estimates a 0.41% probability of exploitation in the next 30 days.
How do I fix CVE-2023-49225?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST