CVE-2025-70545
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk22th percentile - higher than 22% of all known CVEs
Summary
A stored cross-site scripting (XSS) vulnerability exists in the web management interface of the PPC (Belden) ONT 2K05X router running firmware v1.1.9_206L. The CGI component improperly handles user-supplied input, allowing a remote, unauthenticated attacker to inject persistent JavaScript.
Risk Assessment
An attacker can steal administrative sessions, redirect users to malicious sites, or perform arbitrary actions within the management interface, compromising network confidentiality and integrity.
Recommendation
Immediately update the router firmware to the latest version and implement input filtering and sanitization in the CGI component.
Original NVD description (English source)
A stored cross-site scripting (XSS) vulnerability exists in the web management interface of the PPC (Belden) ONT 2K05X router running firmware v1.1.9_206L. The Common Gateway Interface (CGI) component improperly handles user-supplied input, allowing a remote, unauthenticated attacker to inject arbitrary JavaScript that is persistently stored and executed when the affected interface is accessed.

