CVE-2025-41749

Name of the Vulnerable Software and Affected Versions port util.php (affected versions not specified)

Description An XSS issue exists in the port util.php file. An unauthenticated remote attacker can potentially trick an authenticated user into clicking a malicious link, allowing the attacker to modify device configuration parameters accessible through the web-based management interface (WBM). The session cookie is protected by the httpOnly flag, preventing session hijacking. The issue does not grant access to system-level resources or privileged functions. The attack involves manipulating parameters available via the web interface. The API endpoint involved is not specified. The vulnerable parameter is not specified.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.