CVE-2025-10546 | THREATINT

Description

This vulnerability exist in PPC 2K15X Router, due to improper input validation for the Common Gateway Interface (CGI) parameters at its web management portal. A remote attacker could exploit this vulnerability by injecting malicious JavaScript into the vulnerable parameter, leading to a reflected Cross-Site Scripting (XSS) attack on the targeted system.

PUBLISHED Reserved 2025-09-16 | Published 2025-09-16 | Updated 2025-09-16 | Assigner CERT-In

MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Product status

Default status

unaffected

v2.3.15PPCL

affected

v1.0.3

affected

Credits

This vulnerability is reported by Shravan Singh & Amey Chavekar finder

References

www.cert-in.org.in/...eid=PUBVLNOTES01&VLCODE=CIVN-2025-0215 third-party-advisory

cve.org (CVE-2025-10546)

nvd.nist.gov (CVE-2025-10546)

Download JSON