CVE-2025-2212

Name of the Vulnerable Software and Affected Versions: Castlenet CBW383G2N up to 20250301

Description: A vulnerability has been found that affects an unknown part of the file /RgSwInfo.asp. The manipulation of the argument Description with the input <img/src/onerror=prompt(8)> leads to cross-site scripting. It is possible to initiate the attack remotely. Other parameters might be affected as well.

Recommendations: For Castlenet CBW383G2N up to 20250301, as a temporary workaround, consider restricting access to the /RgSwInfo.asp file until a patch is available. Avoid using the Description argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.