Cross-Site Scripting Vulnerability in FiberHome AN5506-01A ONU GPON RP2511
CVE-2025-1615

4.8MEDIUM

Key Information:

Vendor
Fiberhome
Status
An5506-01a Onu Gpon
Vendor
CVE Published:
24 February 2025

Summary

A problematic vulnerability has been identified in the FiberHome AN5506-01A ONU GPON RP2511, specifically within the NAT Submenu component. This flaw allows for the manipulation of the argument 'Description,' leading to the possibility of cross-site scripting attacks. Such attacks can be executed remotely, posing a risk to users. Despite reaching out to the vendor regarding this issue, there has been no response, highlighting the critical need for users to remain vigilant and secure their systems against potential threats.

Affected Version(s)

AN5506-01A ONU GPON RP2511

References

https://vuldb.com/?id.296605
vdb-entrytechnical-description
https://vuldb.com/?ctiid.296605
signaturepermissions-required
https://vuldb.com/?submit.501408
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Fergod (VulDB User)
.