JVNDB-2023-000119

Ruckus Access Point contains a cross-site scripting vulnerability.

Overview

Ruckus Access Point provided by CommScope, Inc. contains a cross-site scripting vulnerability (CWE-79).

MUNEHIRO SHIRATANI of AGEST, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.

CVSS Severity

CVSS V3 Severity:
Base Metrics 6.1 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None

Affected Products

CommScope
  • AP Solo R750 versions 114.0.0.0.6565 and earlier
  • AP Solo R650 versions 114.0.0.0.6565 and earlier
  • AP Solo R730 versions 114.0.0.0.6565 and earlier
  • AP Solo T750 versions 114.0.0.0.6565 and earlier
  • AP Solo R550 versions 114.0.0.0.5585 and earlier
  • AP Solo R850 versions 114.0.0.0.5585 and earlier
  • AP Solo T750SE versions 114.0.0.0.5585 and earlier
  • AP Solo R510 versions 114.0.0.0.6565 and earlier
  • AP Solo T310D versions 114.0.0.0.6565 and earlier
  • AP Solo E510 versions 114.0.0.0.6565 and earlier
  • AP Solo C110 versions 114.0.0.0.6565 and earlier
  • AP Solo R320 versions 114.0.0.0.6565 and earlier
  • AP Solo H510 versions 114.0.0.0.6565 and earlier
  • AP Solo H320 versions 114.0.0.0.6565 and earlier
  • AP Solo T310S versions 114.0.0.0.6565 and earlier
  • AP Solo T310N versions 114.0.0.0.6565 and earlier
  • AP Solo T310C versions 114.0.0.0.6565 and earlier
  • AP Solo T305 versions 114.0.0.0.6565 and earlier
  • AP Solo M510 versions 114.0.0.0.6565 and earlier
  • AP Solo R720 versions 114.0.0.0.6565 and earlier
  • AP Solo R710 versions 114.0.0.0.6565 and earlier
  • AP Solo T710 versions 114.0.0.0.6565 and earlier
  • AP Solo T710s versions 114.0.0.0.6565 and earlier
  • AP Solo T610 versions 114.0.0.0.6565 and earlier
  • AP Solo T610s versions 114.0.0.0.6565 and earlier
  • AP Solo R610 versions 114.0.0.0.6565 and earlier
  • AP Solo R310 versions 110.0.0.0.2014 and earlier
  • AP Solo R760 versions 118.1.0.0.1274 and earlier
  • AP Solo R560 versions 118.1.0.0.1908 and earlier
  • AP Solo H550 versions 116.0.0.0.1506 and earlier
  • AP Solo H350 versions 116.0.0.0.3128 and earlier
  • AP Solo T350c versions 116.0.0.0.1543 and earlier
  • AP Solo T350d versions 116.0.0.0.1543 and earlier
  • AP Solo T350se versions 116.0.0.0.3136 and earlier
  • AP Solo R350 versions 116.0.0.0.1655 and earlier
  • SmartZone versions 6.1.1 and earlier
  • ZoneDirector versions 10.5.1 and earlier

Impact

An arbitrary script may be executed in the web browser of the user who is logged in to the product.

Solution

[Update the Software]
Update the software to the latest version according to the information provided by the developer.
The developer addressed the vulnerability in the following versions:
  • ZoneDirector 10.5.1.0.255 or later
  • SmartZone 6.1.2 or later
  • AP Solo 118.2.0.0.875

Vendor Information

CommScope

CWE

  1. Cross-site Scripting (CWE-79) [IPA Evaluation]

CVE

  1. CVE-2023-49225

References

  1. JVN : JVN#45891816
  2. National Vulnerability Database (NVD) : CVE-2023-49225

Revision History

  • [2023/12/01] Web page was published
  • [2024/04/23] References : Content was added