CVE-2019-25284

Summary

V-SOL GPON/EPON OLT Platform v2.03 contains multiple reflected cross-site scripting vulnerabilities due to improper input sanitization in various script parameters. Attackers can exploit these vulnerabilities by injecting malicious HTML and script code to execute arbitrary scripts in a victim's browser session.

Affected Software

VendorProductVersion RangeStatus
Guangzhou VV-SOL GPON/EPON OLT PlatformV2.03.62R_IPv6affected
Guangzhou VV-SOL GPON/EPON OLT PlatformV2.03.54Raffected
Guangzhou VV-SOL GPON/EPON OLT PlatformV2.03.52Raffected
Guangzhou VV-SOL GPON/EPON OLT PlatformV2.03.49affected
Guangzhou VV-SOL GPON/EPON OLT PlatformV2.03.47affected
Guangzhou VV-SOL GPON/EPON OLT PlatformV2.03.40affected
Guangzhou VV-SOL GPON/EPON OLT PlatformV2.03.26affected
Guangzhou VV-SOL GPON/EPON OLT PlatformV2.03.24affected
Guangzhou VV-SOL GPON/EPON OLT PlatformV1.8.6affected
Guangzhou VV-SOL GPON/EPON OLT PlatformV1.4affected

Weaknesses

  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References