CVE-2025-10546

Summary

This vulnerability exist in PPC 2K15X Router, due to improper input validation for the Common Gateway Interface (CGI) parameters at its web management portal. A remote attacker could exploit this vulnerability by injecting malicious JavaScript into the vulnerable parameter, leading to a reflected Cross-Site Scripting (XSS) attack on the targeted system.

Affected Software

VendorProductVersion RangeStatus
PPC TechnologiesPPC XPON ONT (Optical Network Terminal) 2K15Xv2.3.15PPCLaffected
PPC TechnologiesPPC XPON ONT (Optical Network Terminal) 2K15Xv1.0.3affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Workarounds

i. Disable remote management ii. Restrict admin access to trusted LAN devices only iii. Avoid accessing the management UI via untrusted links

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References