CVE Catalog

CVE-2025-64054

CriticalCVSS 9.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.37%

29th percentile - higher than 29% of all known CVEs

Summary

A reflected Cross Site Scripting (XSS) vulnerability in Fanvil x210 devices version 2.12.20 allows attackers to cause denial of service or potentially execute arbitrary commands via a crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint.

Risk Assessment

The risk for the organization includes remote execution of JavaScript in the victim's browser context, potentially leading to session theft, redirection to malicious sites, or further attacks on the infrastructure.

Recommendation

It is recommended to immediately update the firmware of Fanvil x210 devices to the latest available version and restrict access to the management interface to trusted networks only.

Original NVD description (English source)

A reflected Cross Site Scripting (XSS) vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS