QwikSec

Security Database

CVE

CWE

Training

CVE-2025-10546

Published: Sep 16, 2025

Modified: Sep 16, 2025

PUBLISHED

Description

This vulnerability exist in PPC 2K15X Router, due to improper input validation for the Common Gateway Interface (CGI) parameters at its web management portal. A remote attacker could exploit this vulnerability by injecting malicious JavaScript into the vulnerable parameter, leading to a reflected Cross-Site Scripting (XSS) attack on the targeted system.

Vendor	Product	Versions
PPC Technologies	PPC XPON ONT (Optical Network Terminal) 2K15X	affected `v2.3.15PPCL` affected `v1.0.3`

Weaknesses (CWE)

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0215

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.