PT-2025-49254 · Fanvil · Fanvil X210

Published: 2025-12-05 · Updated: 2025-12-05 · CVE-2025-64054

CVSS v3.1: 9.6 (Critical)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Fanvil x210 version 2.12.20

Description: A reflected Cross-Site Scripting (XSS) issue exists on Fanvil x210 devices. Successful exploitation could lead to a denial of service or potential arbitrary command execution. The issue is triggered by a crafted POST request carrying a malicious payload to the /cgi-bin/webconfig?page=upload&action=submit endpoint.

Recommendations: Update to a newer version that contains a fix for this vulnerability.

Exploit

Fix

DoS

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-64054

Affected Products

Fanvil X210