CVE-2023-49225 - Vulnerability Details

A cross-site-scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in the product. As for the affected products/models/versions, see the information provided by the vendor listed under [References] section or the list under [Product Status] section.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00322.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Commscope	Ruckus Smartzone
Ruckuswireless	C110 C110 Firmware E510 E510 Firmware H320 H320 Firmware H350 H350 Firmware H510 H510 Firmware H550 H550 Firmware M510 M510 Firmware R310 R310 Firmware R320 R320 Firmware R350 R350 Firmware R510 R510 Firmware R550 R550 Firmware R560 R560 Firmware R610 R610 Firmware R650 R650 Firmware R710 R710 Firmware R720 R720 Firmware R730 R730 Firmware R750 R750 Firmware R760 R760 Firmware R850 R850 Firmware Smartzone Firmware T305 T305 Firmware T310c T310c Firmware T310d T310d Firmware T310n T310n Firmware T310s T310s Firmware T350c T350c Firmware T350d T350d Firmware T350se T350se Firmware T610 T610 Firmware T610s T610s Firmware T710 T710 Firmware T710s T710s Firmware T750 T750 Firmware T750se T750se Firmware Zonedirector Zonedirector Firmware

Configuration 1 [-]

AND

cpe:2.3:o:ruckuswireless:r750_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:r750:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:ruckuswireless:r650_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:r650:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:ruckuswireless:r730_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:r730:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:ruckuswireless:t750_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:t750:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:ruckuswireless:r510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:r510:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:ruckuswireless:e510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:e510:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:ruckuswireless:c110_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:c110:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:ruckuswireless:r320_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:r320:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:ruckuswireless:h510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:h510:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:ruckuswireless:h320_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:h320:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:ruckuswireless:t305_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:t305:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:ruckuswireless:m510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:m510:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:ruckuswireless:r720_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:r720:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:ruckuswireless:r710_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:r710:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:ruckuswireless:t710_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:t710:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:ruckuswireless:t610_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:t610:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:ruckuswireless:r610_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:r610:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:ruckuswireless:t310d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:t310d:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:ruckuswireless:t310s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:t310s:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:ruckuswireless:t310n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:t310n:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:ruckuswireless:t310c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:t310c:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:ruckuswireless:t710s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:t710s:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:ruckuswireless:t610s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:t610s:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:ruckuswireless:r550_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:r550:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:ruckuswireless:r850_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:r850:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:ruckuswireless:t750se_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:t750se:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:ruckuswireless:r310_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:r310:*:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:ruckuswireless:r760_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:r760:*:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:ruckuswireless:r760_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:r760:*:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:ruckuswireless:r560_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:r560:*:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:ruckuswireless:h550_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:h550:*:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:ruckuswireless:h350_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:h350:*:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:ruckuswireless:t350c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:t350c:*:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:ruckuswireless:t350d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:t350d:*:*:*:*:*:*:*:*

Configuration 35 [-]

AND

cpe:2.3:o:ruckuswireless:t350se_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:t350se:*:*:*:*:*:*:*:*

Configuration 36 [-]

AND

cpe:2.3:o:ruckuswireless:r350_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:r350:*:*:*:*:*:*:*:*

Configuration 37 [-]

AND

cpe:2.3:o:ruckuswireless:smartzone_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:commscope:ruckus_smartzone:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND

cpe:2.3:o:ruckuswireless:zonedirector_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:zonedirector:-:*:*:*:*:*:*:*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-53228	A cross-site-scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in the product. As for the affected products/models/versions, see the information provided by the vendor listed under [References] section or the list under [Product Status] section.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://jvn.jp/en/jp/JVN45891816/
https://support.ruckuswireless.com/security_bulletins/323

History

Fri, 22 Aug 2025 21:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Commscope Commscope ruckus Smartzone
CPEs	cpe:2.3:h:ruckuswireless:smartzone:-:::::::*	cpe:2.3:h:commscope:ruckus_smartzone:-:::::::*
Vendors & Products	Ruckuswireless smartzone	Commscope Commscope ruckus Smartzone

Wed, 28 May 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2023-12-07T06:22:32.328Z

Updated: 2025-05-28T13:58:41.326Z

Reserved: 2023-11-24T00:19:52.591Z

Link: CVE-2023-49225

Vulnrichment

Updated: 2024-08-02T21:53:45.350Z

NVD

Status : Modified

Published: 2023-12-07T07:15:12.880

Modified: 2025-08-22T21:09:15.577

Link: CVE-2023-49225

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object