CVE-2025-2191

Name of the Vulnerable Software and Affected Versions Claro A7600-A1 RNR4-A72T-2x16 v2110403 CLA 32 160817

Description A problem has been found in the Ping6 Diagnóstico component, specifically in the /form2pingv6.cgi file. The issue affects some unknown functionality of this file. The manipulation of the ip6addr argument with specific input, such as <img/src/onerror=prompt(8)>, leads to cross-site scripting. This issue can be exploited remotely. The exploit has been made public, and the vendor was contacted about this issue but did not respond.

Recommendations As a temporary workaround, consider restricting access to the /form2pingv6.cgi file to minimize the risk of exploitation. Avoid using the ip6addr argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.