CVE 5.1 MEDIUM

Cross-Site Scripting (XSS) Vulnerability in PPC XPON ONT Wi-Fi Router_CVE-2025-10546

September 16, 2025 invoker category_cve
5.1 / 10
MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Description

This vulnerability exist in PPC 2K15X Router, due to improper input validation for the Common Gateway Interface (CGI) parameters at its web management portal. A remote attacker could exploit this vulnerability by injecting malicious JavaScript into the vulnerable parameter, leading to a reflected Cross-Site Scripting (XSS) attack on the targeted system.

Basic Information

ID CVE-2025-10546
Source CERT-In
Published Sep 16, 2025 at 12:18

Affected Product

Vendor PPC Technologies
Product PPC XPON ONT (Optical Network Terminal) 2K15X
Version v2.3.15PPCL
Affected Versions PPC Technologies PPC XPON ONT (Optical Network Terminal) 2K15X v2.3.15PPCL
PPC Technologies PPC XPON ONT (Optical Network Terminal) 2K15X v1.0.3

CWE Classification

CWE-79

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.