PT-2025-10978 · Castlenet · Castlenet Cbw383G2N

Fergod · Published 2025-03-11 · Updated 2025-03-12 · CVE-2025-2213

CVSS v3.1: 4.8 Medium
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Castlenet CBW383G2N up to 20250301
Description: A vulnerability was found in the Wireless Menu component, specifically affecting the file /wlanPrimaryNetwork.asp. The issue arises from the manipulation of the SSID argument with malicious input, such as <img/src/onerror=prompt(8)>, leading to cross-site scripting. This can be initiated remotely. Other parameters might also be affected. The vendor was contacted about this disclosure but did not respond.
Recommendations: For Castlenet CBW383G2N up to 20250301, as a temporary workaround, consider restricting access to the /wlanPrimaryNetwork.asp file until a patch is available. Avoid using the SSID argument in the affected Wireless Menu component until the issue is resolved.

Fix

XSS

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2025-2213

Affected Products

Castlenet Cbw383G2N