Stored Cross-Site Scripting in AVTECH SECURITY DGM1104
CVE-2025-57202

6.1 MEDIUM

Key Information:

Status
Vendor
CVE Published: 3 December 2025

What is CVE-2025-57202?

A stored cross-site scripting (XSS) vulnerability exists in the PwdGrp.cgi endpoint of the AVTECH SECURITY DGM1104 product line. Attackers can inject malicious scripts into the username field, which can lead to the execution of arbitrary web scripts or HTML on the affected devices. If exploited, the vulnerability could allow unauthorized actions to be performed in the context of the end user, posing significant security risks for users of DGM1104 devices.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
