Cross-Site Scripting Vulnerability in Cianet ONU GW24AC Login Functionality
CVE-2025-0869

5.3MEDIUM

Key Information:

Vendor

Cianet

Status
Onu Gw24ac
Vendor
CVE Published:
30 January 2025

What is CVE-2025-0869?

A vulnerability has been identified in the Cianet ONU GW24AC, specifically within the Login component. This issue allows for cross-site scripting (XSS) exploitation through the manipulation of the 'browserLang' parameter. Attackers can launch remote attacks by injecting malicious scripts, thereby compromising user data and system integrity. The exploit details have been publicly disclosed, raising concerns regarding potential misuse in various threat scenarios.

Affected Version(s)

ONU GW24AC 20250127

References

https://vuldb.com/?id.294055
vdb-entrytechnical-description
https://vuldb.com/?ctiid.294055
signaturepermissions-required
https://vuldb.com/?submit.489867
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

c4ng4c3ir0 (VulDB User)
.