CVE-2023-49225

Description

A cross-site-scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in the product. As for the affected products/models/versions, see the information provided by the vendor listed under [References] section or the list under [Product Status] section.

Category

6.1
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.32%
Vendor Advisory ruckuswireless.com
Affected: CommScope, Inc. ZoneDirector
Affected: CommScope, Inc. SmartZone
Affected: CommScope, Inc. AP Solo R750
Affected: CommScope, Inc. AP Solo R650
Affected: CommScope, Inc. AP Solo R730
Affected: CommScope, Inc. AP Solo T750
Affected: CommScope, Inc. AP Solo R550
Affected: CommScope, Inc. AP Solo R850
Affected: CommScope, Inc. AP Solo T750SE
Affected: CommScope, Inc. AP Solo R510
Affected: CommScope, Inc. AP Solo T310D
Affected: CommScope, Inc. AP Solo E510
Affected: CommScope, Inc. AP Solo C110
Affected: CommScope, Inc. AP Solo R320
Affected: CommScope, Inc. AP Solo H510
Affected: CommScope, Inc. AP Solo H320
Affected: CommScope, Inc. AP Solo T310S
Affected: CommScope, Inc. AP Solo T310N
Affected: CommScope, Inc. AP Solo T310C
Affected: CommScope, Inc. AP Solo T305
Affected: CommScope, Inc. AP Solo M510
Affected: CommScope, Inc. AP Solo R720
Affected: CommScope, Inc. AP Solo R710
Affected: CommScope, Inc. AP Solo T710
Affected: CommScope, Inc. AP Solo T710s
Affected: CommScope, Inc. AP Solo T610
Affected: CommScope, Inc. AP Solo T610s
Affected: CommScope, Inc. AP Solo R610
Affected: CommScope, Inc. AP Solo R310
Affected: CommScope, Inc. AP Solo R760
Affected: CommScope, Inc. AP Solo R560
Affected: CommScope, Inc. AP Solo H550
Affected: CommScope, Inc. AP Solo H350
Affected: CommScope, Inc. AP Solo T350c
Affected: CommScope, Inc. AP Solo T350d
Affected: CommScope, Inc. AP Solo T350se
Affected: CommScope, Inc. AP Solo R350
Published at:
Updated at:

References

Link Tags
https://support.ruckuswireless.com/security_bulletins/323 patch vendor advisory
https://jvn.jp/en/jp/JVN45891816/ third party advisory

Frequently Asked Questions

What is the severity of CVE-2023-49225?
CVE-2023-49225 has been scored as a medium severity vulnerability.
How to fix CVE-2023-49225?
To fix CVE-2023-49225, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-49225 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-49225 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-49225?
CVE-2023-49225 affects CommScope, Inc. ZoneDirector, CommScope, Inc. SmartZone, CommScope, Inc. AP Solo R750, CommScope, Inc. AP Solo R650, CommScope, Inc. AP Solo R730, CommScope, Inc. AP Solo T750, CommScope, Inc. AP Solo R550, CommScope, Inc. AP Solo R850, CommScope, Inc. AP Solo T750SE, CommScope, Inc. AP Solo R510, CommScope, Inc. AP Solo T310D, CommScope, Inc. AP Solo E510, CommScope, Inc. AP Solo C110, CommScope, Inc. AP Solo R320, CommScope, Inc. AP Solo H510, CommScope, Inc. AP Solo H320, CommScope, Inc. AP Solo T310S, CommScope, Inc. AP Solo T310N, CommScope, Inc. AP Solo T310C, CommScope, Inc. AP Solo T305, CommScope, Inc. AP Solo M510, CommScope, Inc. AP Solo R720, CommScope, Inc. AP Solo R710, CommScope, Inc. AP Solo T710, CommScope, Inc. AP Solo T710s, CommScope, Inc. AP Solo T610, CommScope, Inc. AP Solo T610s, CommScope, Inc. AP Solo R610, CommScope, Inc. AP Solo R310, CommScope, Inc. AP Solo R760, CommScope, Inc. AP Solo R560, CommScope, Inc. AP Solo H550, CommScope, Inc. AP Solo H350, CommScope, Inc. AP Solo T350c, CommScope, Inc. AP Solo T350d, CommScope, Inc. AP Solo T350se, CommScope, Inc. AP Solo R350.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.