Reflected Cross-Site Scripting Vulnerability in PPC 2K15X Router
CVE-2025-10546

5.1MEDIUM

Key Information:

Vendor: Ppc Technologies
Status: Ppc Xpon Ont (optical Network Terminal) 2k15x
Vendor: CVE Published:; 16 September 2025

🔔 Create Ppc Technologies Vulnerability Alert

What is CVE-2025-10546?

A vulnerability exists in the PPC 2K15X Router due to inadequate input validation of Common Gateway Interface (CGI) parameters within its web management interface. This flaw allows remote attackers to inject malicious JavaScript code into the vulnerable parameter. If exploited, it can lead to reflected Cross-Site Scripting (XSS) attacks, potentially compromising user data and enabling unauthorized actions on the targeted system.

Affected Version(s)

PPC XPON ONT (Optical Network Terminal) 2K15X v2.3.15PPCL

PPC XPON ONT (Optical Network Terminal) 2K15X v1.0.3

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOT...

third-party-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2025
Vulnerability Reserved
Sep 16, 2025

Credit

This vulnerability is reported by Shravan Singh & Amey Chavekar