CVE-2025-64054

Critical CVSS: 9.6

A reflected Cross Site Scripting (XSS) vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint.

Vendor

Fanvil

Product

X210 Firmware

CWE

CWE-79

Yayın Tarihi

2025-12-05 16:15:50

Güncelleme

2026-01-09 02:17:20

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 X210 Firmware CRITICAL Fanvil 2025

Referanslar

http://fanvil.com https://github.com/SpikeReply/advisories/blob/main/cve/fanvil/cve-2025-64054.md

Benzer Kayıtlar

Medium

CVE-2025-64052

An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to execute arb…

High

CVE-2025-64053

A Buffer overflow vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentia…

Medium

CVE-2025-64056

File upload vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store arbit…

High

CVE-2025-64057

Directory traversal vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to sto…

Critical

CVE-2025-64055

An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access admi…