CVE Catalog

CVE-2025-70545

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

22th percentile - higher than 22% of all known CVEs

Summary

A stored cross-site scripting (XSS) vulnerability exists in the web management interface of the PPC (Belden) ONT 2K05X router running firmware v1.1.9_206L. The CGI component improperly handles user-supplied input, allowing a remote, unauthenticated attacker to inject persistent JavaScript.

Risk Assessment

An attacker can steal administrative sessions, redirect users to malicious sites, or perform arbitrary actions within the management interface, compromising network confidentiality and integrity.

Recommendation

Immediately update the router firmware to the latest version and implement input filtering and sanitization in the CGI component.

Original NVD description (English source)

A stored cross-site scripting (XSS) vulnerability exists in the web management interface of the PPC (Belden) ONT 2K05X router running firmware v1.1.9_206L. The Common Gateway Interface (CGI) component improperly handles user-supplied input, allowing a remote, unauthenticated attacker to inject arbitrary JavaScript that is persistently stored and executed when the affected interface is accessed.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS