Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-63735 PoC — CommScope Ruckus Unleashed 安全漏洞

Source
https://github.com/huthx/CVE-2025-63735-Ruckus-Unleashed-Reflected-XSS
Associated Vulnerability
Title:CommScope Ruckus Unleashed 安全漏洞 (CVE-2025-63735)
Description:CommScope Ruckus Unleashed是美国CommScope公司的一款无线路由器。 CommScope Ruckus Unleashed 200.13.6.1.319版本存在安全漏洞,该漏洞源于captive-portal端点selfguestpass/guestAccessSubmit.jsp中参数name处理不当,可能导致反射型跨站脚本攻击。
Description
Reflected XSS in Ruckus Unleashed 200.13.6.1.319 via the name parameter.
Readme
# CVE-2025-63735 – Reflected XSS in Ruckus Unleashed 200.13.6.1.319

## Summary
A reflected cross-site scripting (XSS) vulnerability exists in Ruckus Unleashed 200.13.6.1.319 via the `name` parameter to the captive-portal endpoint `selfguestpass/guestAccessSubmit.jsp`.

## Vendor
Ruckus Wireless

## Product
Controller-less Systems (RUCKUS Unleashed)

## Affected Version
200.13.6.1.319

## Vulnerable Endpoint
`/selfguestpass/guestAccessSubmit.jsp`

## Parameter
`name`

## Proof of Concept
`https://192.168.1.51/selfguestpass/guestAccessSubmit.jsp?cookie=null&tip=5&name=</p><form><iframe &#09;&#10;&#11; src="javascript&#58;alert('huthx')"&#11;&#10;&#09;;>`
![xss](https://github.com/user-attachments/assets/0873ea26-21b2-4012-a31d-89741c700ad4)

## Description
The application reflects unsanitized user-controlled input from the `name` parameter back into the page response, enabling arbitrary JavaScript execution.

## Impact
An attacker can execute JavaScript in the victim’s browser, leading to session hijacking, credential theft, forced redirection, or UI manipulation.

## Discoverer
Huthaifa Qashou

## References
- https://www.ruckusnetworks.com/products/network-control-and-management/controller-less/
- CVE-2025-63735 (MITRE) – Pending publication

## Disclosure Timeline
- Reported to vendor: 24 October 2025
- CVE reserved: 12 November 2025
- Public disclosure: 24 November 2025
File Snapshot

 [4.0K]  /data/pocs/a3f5863ec661b4ad01408cda88a342ba97036050
└── [1.4K]  README.md

1 directory, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.