CVE-2025-41695

Name of the Vulnerable Software and Affected Versions dyn conn.php (affected versions not specified)

Description An XSS vulnerability exists in the dyn conn.php file. An unauthenticated remote attacker can manipulate an authenticated user into sending a crafted POST request to the device through the web-based management interface (WBM). This allows modification of device configuration parameters accessible via the web application. The session cookie is protected by the httpOnly flag, preventing session hijacking. The issue does not grant access to system-level resources or privileged functions. The vulnerable file is dyn conn.php and the attack involves manipulating a POST request.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.