PT-2025-9632 · Dzs · Dzs Router Web Interface

Asim Barnawi · Published 2025-03-04 · Updated 2025-03-05 · CVE-2025-26202

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

DZS Router Web Interface (affected versions not specified)

Description

A Cross-Site Scripting (XSS) issue exists in the WPA/WAPI Passphrase field of the Wireless Security settings for both 2.4GHz and 5GHz bands. An authenticated attacker can inject malicious JavaScript into the passphrase field, which is stored and later executed when an administrator views the passphrase via the "Click here to display" option on the Status page.

Recommendations

As a temporary workaround, consider disabling the WPA/WAPI Passphrase field in the Wireless Security settings until a patch is available. Restrict access to the Wireless Security settings page to minimize the risk of exploitation. Avoid using the "Click here to display" option on the Status page for viewing passphrases in the affected DZS Router Web Interface until the issue is resolved.
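
The Description above is a stored value reaching the Status page as markup. The following sketch is an added example, not DZS firmware code or code from this advisory; the function names, the `wpa-key` id and the sample passphrase are assumptions. It shows that a format-valid WPA passphrase can still carry markup characters, so the value has to be encoded where it is written into the page.

```javascript
// Added example: hypothetical names, not DZS firmware code.

// WPA-PSK accepts 8-63 printable ASCII characters or 64 hex digits, so
// markup characters such as < > " ' & are legitimate passphrase content.
function isValidWpaPassphrase(value) {
  if (typeof value !== "string") return false;
  return /^[\x20-\x7e]{8,63}$/.test(value) || /^[0-9a-fA-F]{64}$/.test(value);
}

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode for an HTML text or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": stored value concatenated into the Status page markup as-is.
function renderPassphraseUnsafe(stored) {
  return '<span id="wpa-key">' + stored + "</span>";
}

// "After": stored value is encoded at the point of output.
function renderPassphraseSafe(stored) {
  return '<span id="wpa-key">' + escapeHtml(stored) + "</span>";
}

// Constructed sample: a format-valid passphrase that contains markup.
const SAMPLE = `<b>guest</b>&"wifi'`;

function demo() {
  return {
    valid: isValidWpaPassphrase(SAMPLE),     // passes the format check
    unsafe: renderPassphraseUnsafe(SAMPLE),  // markup reaches the page
    safe: renderPassphraseSafe(SAMPLE),      // markup shown as text
  };
}

console.log(demo());
```

In a page that builds the element through the DOM, assigning the stored value with `textContent` instead of `innerHTML` gives the same result as the encoded render.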

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-15907
CVE-2025-26202

Affected Products

Dzs Router Web Interface