CVE-2025-10546

Cross-Site Scripting (XSS) Vulnerability in PPC XPON ONT Wi-Fi Router

Description

This vulnerability exist in PPC 2K15X Router, due to improper input validation for the Common Gateway Interface (CGI) parameters at its web management portal. A remote attacker could exploit this vulnerability by injecting malicious JavaScript into the vulnerable parameter, leading to a reflected Cross-Site Scripting (XSS) attack on the targeted system.

INFO

Published Date :

2025-09-16T12:18:58.822Z

Last Modified :

2025-09-16T12:18:58.822Z

Source :

CERT-In

AFFECTED PRODUCTS

The following products are affected by CVE-2025-10546 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-10546.

URL	Resource
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0215

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability