Stored cross-site scripting in CommScope products - CVE-2023-49225
Published: December 4, 2023
Ruckus R750
Ruckus R650
Ruckus R730
Ruckus T750
Ruckus R550
Ruckus R850
Ruckus T750SE
Ruckus R510
Ruckus T310D
Ruckus E510
Ruckus C110
Ruckus R320
Ruckus H510
Ruckus H320
Ruckus T310S
Ruckus T310N
Ruckus T310C
Ruckus T305
Ruckus M510
Ruckus R710
Ruckus T710
Ruckus T710s
Ruckus T610
Ruckus T610s
Ruckus R610
Ruckus R310
Ruckus R760
Ruckus R560
Ruckus H550
Ruckus H350
Ruckus T350c
Ruckus T350d
Ruckus T350se
Ruckus R350
Ruckus R720
ZoneDirector
SmartZone
CommScope
Description
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the web-based management interface. A remote attacker can inject and execute arbitrary HTML and script code in a user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.