6.1
CVE-2023-49225
- EPSS 0.32%
- Published 07.12.2023 07:15:12
- Last modified 22.08.2025 21:09:15
- Source vultures@jpcert.or.jp
- Teams watchlist Login
- Open Login
A cross-site-scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in the product. As for the affected products/models/versions, see the information provided by the vendor listed under [References] section or the list under [Product Status] section.
Data is provided by the National Vulnerability Database (NVD)
Ruckuswireless ≫ R750 Firmware Version <= 114.0.0.0.6565
Ruckuswireless ≫ R650 Firmware Version <= 114.0.0.0.6565
Ruckuswireless ≫ R730 Firmware Version <= 114.0.0.0.6565
Ruckuswireless ≫ T750 Firmware Version <= 114.0.0.0.6565
Ruckuswireless ≫ R510 Firmware Version <= 114.0.0.0.6565
Ruckuswireless ≫ E510 Firmware Version <= 114.0.0.0.6565
Ruckuswireless ≫ C110 Firmware Version <= 114.0.0.0.6565
Ruckuswireless ≫ R320 Firmware Version <= 114.0.0.0.6565
Ruckuswireless ≫ H510 Firmware Version <= 114.0.0.0.6565
Ruckuswireless ≫ H320 Firmware Version <= 114.0.0.0.6565
Ruckuswireless ≫ T305 Firmware Version <= 114.0.0.0.6565
Ruckuswireless ≫ M510 Firmware Version <= 114.0.0.0.6565
Ruckuswireless ≫ R720 Firmware Version <= 114.0.0.0.6565
Ruckuswireless ≫ R710 Firmware Version <= 114.0.0.0.6565
Ruckuswireless ≫ T710 Firmware Version <= 114.0.0.0.6565
Ruckuswireless ≫ T610 Firmware Version <= 114.0.0.0.6565
Ruckuswireless ≫ R610 Firmware Version <= 114.0.0.0.6565
Ruckuswireless ≫ T310d Firmware Version <= 114.0.0.0.6565
Ruckuswireless ≫ T310s Firmware Version <= 114.0.0.0.6565
Ruckuswireless ≫ T310n Firmware Version <= 114.0.0.0.6565
Ruckuswireless ≫ T310c Firmware Version <= 114.0.0.0.6565
Ruckuswireless ≫ T710s Firmware Version <= 114.0.0.0.6565
Ruckuswireless ≫ T610s Firmware Version <= 114.0.0.0.6565
Ruckuswireless ≫ R550 Firmware Version <= 114.0.0.0.5585
Ruckuswireless ≫ R850 Firmware Version <= 114.0.0.0.5585
Ruckuswireless ≫ T750se Firmware Version <= 114.0.0.0.5585
Ruckuswireless ≫ R310 Firmware Version <= 110.0.0.0.2014
Ruckuswireless ≫ R760 Firmware Version <= 118.1.0.0.1274
Ruckuswireless ≫ R760 Firmware Version <= 118.1.0.0.1274
Ruckuswireless ≫ R560 Firmware Version <= 118.1.0.0.1908
Ruckuswireless ≫ H550 Firmware Version <= 116.0.0.0.1506
Ruckuswireless ≫ H350 Firmware Version <= 116.0.0.0.3128
Ruckuswireless ≫ T350c Firmware Version <= 116.0.0.0.1543
Ruckuswireless ≫ T350d Firmware Version <= 116.0.0.0.1543
Ruckuswireless ≫ T350se Firmware Version <= 116.0.0.0.3136
Ruckuswireless ≫ R350 Firmware Version <= 116.0.0.0.1655
Ruckuswireless ≫ Smartzone Firmware Version <= 6.1.1
Ruckuswireless ≫ Zonedirector Firmware Version <= 10.5.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.32% | 0.544 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.