
Cloudpath Persistent XSS and CSRF Vulnerability

RUCKUS Team Member

Hello All,

This is an important security announcement for Cloudpath.

What is the issue?

A vulnerability in the web-based interface of the RUCKUS Cloudpath product could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system.

What action should I take?

Updating the software to its most recent version, as detailed below, will resolve the vulnerability. Since this is a high severity vulnerability, all customers are strongly encouraged to apply the update at the earliest opportunity.

What is the impact on RUCKUS products?

The following table describes the vulnerable products and software versions and the recommended actions.



| Vulnerable Release | Recommended Action | Release Date |
| --- | --- | --- |
| Version 5.12 build 5538 or earlier | Upgrade to Version 5.12 build 5550 or later | Oct 13th, 2023 |

The new version is available for download on all on-premises Cloudpath deployments. Hosted Cloudpath is already patched with the fix.

Administrator>>>System Updates>>>Download Update.


When will this RUCKUS Security Advisory be publicly posted?

RUCKUS will release the initial security advisory to customers on 10/16/2023. Follow the link below for the official Security Advisory.

Vijay Kuniyal

Staff Technical Support Engineer

CCNA RnS | CCNA Wireless | CWNA | RASZA | Meraki CMNO | RACPA