fkie_cve-2025-26202
Vulnerability from fkie_nvd
Published
2025-03-04 19:15
Modified
2025-03-14 20:15
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-Site Scripting (XSS) vulnerability exists in the WPA/WAPI Passphrase field of the Wireless Security settings (2.4GHz & 5GHz bands) in DZS Router Web Interface. An authenticated attacker can inject malicious JavaScript into the passphrase field, which is stored and later executed when an administrator views the passphrase via the "Click here to display" option on the Status page
References
cve@mitre.orghttps://github.com/A17-ba/CVE-2025-26202-Details
134c704f-9b21-4f2e-91b3-4a467353bcc0https://github.com/A17-ba/CVE-2025-26202-Details
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-Site Scripting (XSS) vulnerability exists in the WPA/WAPI Passphrase field of the Wireless Security settings (2.4GHz \u0026 5GHz bands) in DZS Router Web Interface. An authenticated attacker can inject malicious JavaScript into the passphrase field, which is stored and later executed when an administrator views the passphrase via the \"Click here to display\" option on the Status page"
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de cross site scripting (XSS) en el campo Frase de contrase\u00f1a WPA/WAPI de la configuraci\u00f3n de seguridad inal\u00e1mbrica (bandas de 2,4 GHz y 5 GHz) en la interfaz web del enrutador DZS. Un atacante autenticado puede inyectar c\u00f3digo JavaScript malicioso en el campo de frase de contrase\u00f1a, que se almacena y se ejecuta posteriormente cuando un administrador ve la frase de contrase\u00f1a a trav\u00e9s de la opci\u00f3n \"Haga clic aqu\u00ed para visualizar\" en la p\u00e1gina de estado."
    }
  ],
  "id": "CVE-2025-26202",
  "lastModified": "2025-03-14T20:15:14.167",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-03-04T19:15:38.640",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/A17-ba/CVE-2025-26202-Details"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://github.com/A17-ba/CVE-2025-26202-Details"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.