We’re aware of a vulnerability in the web-based interface used to manage RUCKUS access points that could allow a remote attacker to execute a cross-site scripting (XSS) attack against a user logged on to the interface of the affected device.
Please note that Equipment Support schools and those that have completed Equipment Replacement do not need to take any action as N4L is applying the remediation steps recommended by CommScope RUCKUS for these schools.
Schools with RUCKUS access points that are not part of Equipment Support or have not completed Equipment Replacement should upgrade their software to the latest version and disable HTTP and HTTPS access to all access points.
You can find more information in the CommScope RUCKUS advisory here.