CVE-2023-45992

CRITICAL

RUCKUS Cloudpath <5.12.5538 - XSS/CSRF

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-45992. PoCs published by harry935.

AI-analyzed exploit summary The repository lacks functional exploit code and instead promises future technical details, which is a common tactic for luring researchers into external downloads or monetization schemes.

Description

A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system.

Exploits (1)

nomisec SUSPICIOUS

by harry935 · poc

https://github.com/harry935/CVE-2023-45992

View Code ZIP pw:eip

The repository lacks functional exploit code and instead promises future technical details, which is a common tactic for luring researchers into external downloads or monetization schemes.

Classification

Suspicious 90%

Attack Type

Xss

Complexity

Theoretical

Reliability

Theoretical

Target: Ruckus CloudPath 5.12 build 5538 or before

No auth needed

Prerequisites: None specified

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5

Core References

Not Applicable

http://ruckus.com

Exploit, Third Party Advisory

https://github.com/harry935/CVE-2023-45992

Broken Link

https://server.cloudpath/

Broken Link

https://server.cloudpath/admin/enrollmentData/

Vendor Advisory

https://support.ruckuswireless.com/security_bulletins/322

Scores

CVSS v3 9.6

EPSS 0.0059

EPSS Percentile 43.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Details

CWE

CWE-352 CWE-79

Status published

Products (1)

commscope/ruckus_cloudpath_enrollment_system < 5.12.5538

Published Oct 19, 2023

Tracked Since Feb 18, 2026