Attacker Value
Unknown
0
CVE-2023-49225
0
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2023-49225
(Last updated December 13, 2023) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
MITRE ATT&CK
Select the MITRE ATT&CK Tactics that apply to this CVE
Collection
Select any Techniques used:
Command and Control
Select any Techniques used:
Credential Access
Select any Techniques used:
Defense Evasion
Select any Techniques used:
Discovery
Select any Techniques used:
Execution
Select any Techniques used:
Exfiltration
Select any Techniques used:
Impact
Select any Techniques used:
Initial Access
Select any Techniques used:
Lateral Movement
Select any Techniques used:
Persistence
Select any Techniques used:
Privilege Escalation
Select any Techniques used:
Topic Tags
Select the tags that apply to this CVE (Assessment added tags are disabled and cannot be removed)
What makes this of high-value to an attacker?
What makes this of low-value to an attacker?
Description
A cross-site-scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in the product. As for the affected products/models/versions, see the information provided by the vendor listed under [References] section or the list under [Product Status] section.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
6.1 Medium
Impact Score:
2.7
Exploitability Score:
2.8
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope (S):
Changed
Confidentiality (C):
Low
Integrity (I):
Low
Availability (A):
None
General Information
Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
ZoneDirector 10.5.1 and earlier
SmartZone 6.1.1 and earlier
AP Solo R750 114.0.0.0.6565 and earlier
AP Solo R650 114.0.0.0.6565 and earlier
AP Solo R730 114.0.0.0.6565 and earlier
AP Solo T750 114.0.0.0.6565 and earlier
AP Solo R550 114.0.0.0.5585 and earlier
AP Solo R850 114.0.0.0.5585 and earlier
AP Solo T750SE 114.0.0.0.5585 and earlier
AP Solo R510 114.0.0.0.6565 and earlier
AP Solo T310D 114.0.0.0.6565 and earlier
AP Solo E510 114.0.0.0.6565 and earlier
AP Solo C110 114.0.0.0.6565 and earlier
AP Solo R320 114.0.0.0.6565 and earlier
AP Solo H510 114.0.0.0.6565 and earlier
AP Solo H320 114.0.0.0.6565 and earlier
AP Solo T310S 114.0.0.0.6565 and earlier
AP Solo T310N 114.0.0.0.6565 and earlier
AP Solo T310C 114.0.0.0.6565 and earlier
AP Solo T305 114.0.0.0.6565 and earlier
AP Solo M510 114.0.0.0.6565 and earlier
AP Solo R720 114.0.0.0.6565 and earlier
AP Solo R710 114.0.0.0.6565 and earlier
AP Solo T710 114.0.0.0.6565 and earlier
AP Solo T710s 114.0.0.0.6565 and earlier
AP Solo T610 114.0.0.0.6565 and earlier
AP Solo T610s 114.0.0.0.6565 and earlier
AP Solo R610 114.0.0.0.6565 and earlier
AP Solo R310 110.0.0.0.2014 and earlier
AP Solo R760 118.1.0.0.1274 and earlier
AP Solo R560 118.1.0.0.1908 and earlier
AP Solo H550 116.0.0.0.1506 and earlier
AP Solo H350 116.0.0.0.3128 and earlier
AP Solo T350c 116.0.0.0.1543 and earlier
AP Solo T350d 116.0.0.0.1543 and earlier
AP Solo T350se 116.0.0.0.3136 and earlier
AP Solo R350 116.0.0.0.1655 and earlier
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown
Vendors
Products
- c110 firmware,
- e510 firmware,
- h320 firmware,
- h350 firmware,
- h510 firmware,
- h550 firmware,
- m510 firmware,
- r310 firmware,
- r320 firmware,
- r350 firmware,
- r510 firmware,
- r550 firmware,
- r560 firmware,
- r610 firmware,
- r650 firmware,
- r710 firmware,
- r720 firmware,
- r730 firmware,
- r750 firmware,
- r760 firmware,
- r850 firmware,
- smartzone firmware,
- t305 firmware,
- t310c firmware,
- t310d firmware,
- t310n firmware,
- t310s firmware,
- t350c firmware,
- t350d firmware,
- t350se firmware,
- t610 firmware,
- t610s firmware,
- t710 firmware,
- t710s firmware,
- t750 firmware,
- t750se firmware,
- zonedirector firmware
References
Additional Info
Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Rapid7
Technical Analysis
Report as Emergent Threat Response
Report as Zero-day Exploit
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
