CVE-2025-21603

Name of the Vulnerable Software and Affected Versions MZK-DP300N versions 1.05 and earlier

Description A cross-site scripting issue exists, allowing an arbitrary script to be executed on the logged-in user's web browser when accessing a crafted URL, if an attacker logs in to the affected product and manipulates the device settings.

Recommendations For MZK-DP300N versions 1.05 and earlier, update to a version later than 1.05 to resolve the issue. As a temporary workaround, consider restricting access to the device settings to minimize the risk of exploitation.