Japan Vulnerability Notes (jvn), JVN:45891816
History: Dec 01, 2023 - 12:00 a.m.

JVN#45891816: Ruckus Access Point vulnerable to cross-site scripting

2023-12-01 00:00:00, Japan Vulnerability Notes, jvn.jp

CVSS3: 6.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: CHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: LOW
  • Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score: 6.4 (Confidence: High)

EPSS: 0.001 (Percentile: 17.0%)

Ruckus Access Point provided by CommScope, Inc. contains a cross-site scripting vulnerability (CWE-79).

Impact

An arbitrary script may be executed in the web browser of a user who is logging in to the product.

Solution

Update the Software
Update the software to the latest version according to the information provided by the developer.
The developer addressed the vulnerability in the following versions:

  • ZoneDirector 10.5.1.0.255 or later
  • SmartZone 6.1.2 or later
  • AP Solo 118.2.0.0.875

Products Affected

The following Ruckus Access Points are affected by this vulnerability.

  • ZoneDirector: versions 10.5.1 and earlier
  • SmartZone: versions 6.1.1 and earlier
  • AP Solo:
    • R750, R650, R730, T750 versions 114.0.0.0.6565 and earlier
    • R550, R850, T750SE versions 114.0.0.0.5585 and earlier
    • R510, T310D, E510, C110, R320, H510, H320, T310S, T310N, T310C, T305, M510 versions 114.0.0.0.6565 and earlier
    • R720, R710, T710, T710s, T610, T610s, R610 versions 114.0.0.0.6565 and earlier
    • R310 versions 110.0.0.0.2014 and earlier
    • R760 versions 118.1.0.0.1274 and earlier
    • R560 versions 118.1.0.0.1908 and earlier
    • H550 versions 116.0.0.0.1506 and earlier
    • H350 versions 116.0.0.0.3128 and earlier
    • T350c versions 116.0.0.0.1543 and earlier
    • T350d versions 116.0.0.0.1543 and earlier
    • T350se versions 116.0.0.0.3136 and earlier
    • R350 versions 116.0.0.0.1655 and earlier
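
The version lists above can be turned into an inventory check. The following Python sketch is an added example, not code from JVN or CommScope: the thresholds are copied from this advisory, while the function names, the three-way verdict, the prefix comparison and the reading of the AP Solo fix as "or later" are assumptions, and versions that fall between an "and earlier" threshold and the fixed version are reported as `verify` rather than guessed.

```python
# Added example: triage inventory rows against the JVN#45891816 thresholds.
def ver(s):
    """'114.0.0.0.6565' -> (114, 0, 0, 0, 6565)"""
    return tuple(int(p) for p in s.strip().split("."))

# "Solution" versions. Treating AP Solo's as "or later" is an assumption.
FIXED = {"zonedirector": ver("10.5.1.0.255"), "smartzone": ver("6.1.2"),
         "ap solo": ver("118.2.0.0.875")}
# "Products Affected": last affected version ("... and earlier").
LAST = {"zonedirector": ver("10.5.1"), "smartzone": ver("6.1.1")}
AP_SOLO = {  # threshold -> models, copied from the advisory
    "114.0.0.0.6565": "R750 R650 R730 T750 R510 T310D E510 C110 R320 H510 "
                      "H320 T310S T310N T310C T305 M510 R720 R710 T710 T710s "
                      "T610 T610s R610",
    "114.0.0.0.5585": "R550 R850 T750SE",
    "110.0.0.0.2014": "R310",
    "118.1.0.0.1274": "R760",
    "118.1.0.0.1908": "R560",
    "116.0.0.0.1506": "H550",
    "116.0.0.0.3128": "H350",
    "116.0.0.0.1543": "T350c T350d",
    "116.0.0.0.3136": "T350se",
    "116.0.0.0.1655": "R350",
}
AP_LAST = {m.lower(): ver(v) for v, ms in AP_SOLO.items() for m in ms.split()}

def triage(product, version, model=""):
    """Return 'fixed', 'affected', or 'verify' (advisory does not decide)."""
    p, v = product.lower(), ver(version)
    if p not in FIXED:
        return "verify"
    if v >= FIXED[p]:
        return "fixed"
    last = AP_LAST.get(model.lower()) if p == "ap solo" else LAST[p]
    if last is None:              # AP model not listed in the advisory
        return "verify"
    # Assumption: a build of the last affected release (e.g. 10.5.1.0.100
    # for "10.5.1 and earlier") counts as affected, so compare by prefix.
    return "affected" if v[:len(last)] <= last else "verify"

if __name__ == "__main__":
    inventory = [  # constructed sample rows, not real devices
        ("ZoneDirector", "10.5.1.0.100", ""),
        ("SmartZone", "6.1.2", ""),
        ("AP Solo", "114.0.0.0.7000", "R750"),
        ("AP Solo", "116.0.0.0.3136", "T350se"),
    ]
    for product, version, model in inventory:
        print(product, model, version, "->", triage(product, version, model))
```

Rows that come back as `verify` need the developer's release information, since the advisory does not say whether those builds carry the fix.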
