{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1615", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-02-23T07:14:25.554Z", "datePublished": "2025-02-24T03:31:03.569Z", "dateUpdated": "2025-02-24T11:38:36.094Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-02-24T03:31:03.569Z"}, "title": "FiberHome AN5506-01A ONU GPON NAT Submenu cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "Cross Site Scripting"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "Code Injection"}]}], "affected": [{"vendor": "FiberHome", "product": "AN5506-01A ONU GPON", "versions": [{"version": "RP2511", "status": "affected"}], "modules": ["NAT Submenu"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in FiberHome AN5506-01A ONU GPON RP2511. Affected by this vulnerability is an unknown functionality of the component NAT Submenu. The manipulation of the argument Description leads to cross site scripting. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "In FiberHome AN5506-01A ONU GPON RP2511 wurde eine problematische Schwachstelle entdeckt. Es geht um eine nicht n\u00e4her bekannte Funktion der Komponente NAT Submenu. Dank Manipulation des Arguments Description mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 2.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 2.4, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 3.3, "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"}}], "timeline": [{"time": "2025-02-23T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-02-23T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-02-23T08:19:36.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Fergod (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.296605", "name": "VDB-296605 | FiberHome AN5506-01A ONU GPON NAT Submenu cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.296605", "name": "VDB-296605 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.501408", "name": "Submit #501408 | FiberHome AN5506-01A ONU GPON RP2511  Cross Site Scripting", "tags": ["third-party-advisory"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-24T11:38:01.889084Z", "id": "CVE-2025-1615", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-24T11:38:36.094Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1615", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-24T11:38:01.889084Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-24T11:38:31.152Z"}}], "cna": {"title": "FiberHome AN5506-01A ONU GPON NAT Submenu cross site scripting", "credits": [{"lang": "en", "type": "reporter", "value": "Fergod (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 2.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 2.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 3.3, "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"}}], "affected": [{"vendor": "FiberHome", "modules": ["NAT Submenu"], "product": "AN5506-01A ONU GPON", "versions": [{"status": "affected", "version": "RP2511"}]}], "timeline": [{"lang": "en", "time": "2025-02-23T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-02-23T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-02-23T08:19:36.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.296605", "name": "VDB-296605 | FiberHome AN5506-01A ONU GPON NAT Submenu cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.296605", "name": "VDB-296605 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.501408", "name": "Submit #501408 | FiberHome AN5506-01A ONU GPON RP2511  Cross Site Scripting", "tags": ["third-party-advisory"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in FiberHome AN5506-01A ONU GPON RP2511. Affected by this vulnerability is an unknown functionality of the component NAT Submenu. The manipulation of the argument Description leads to cross site scripting. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "In FiberHome AN5506-01A ONU GPON RP2511 wurde eine problematische Schwachstelle entdeckt. Es geht um eine nicht n\u00e4her bekannte Funktion der Komponente NAT Submenu. Dank Manipulation des Arguments Description mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Cross Site Scripting"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "Code Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-02-24T03:31:03.569Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1615", "state": "PUBLISHED", "dateUpdated": "2025-02-24T11:38:36.094Z", "dateReserved": "2025-02-23T07:14:25.554Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-02-24T03:31:03.569Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fiberhome:an5506-01-a_firmware:rp2511:*:*:*:*:*:*:*", "matchCriteriaId": "D6C62ECD-22AC-4C9B-8F91-4BFAFCA9DDF3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fiberhome:an5506-01-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "8853CE67-2DD9-4217-B1ED-9767A3E46DE1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in FiberHome AN5506-01A ONU GPON RP2511. Affected by this vulnerability is an unknown functionality of the component NAT Submenu. The manipulation of the argument Description leads to cross site scripting. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad clasificada como problem\u00e1tica en el ONU GPON RP2511 AN5506-01A de FiberHome. Esta vulnerabilidad afecta a una funcionalidad desconocida del componente NAT Submenu. La manipulaci\u00f3n del argumento Description provoca ataques de Cross-Site Scripting. El ataque se puede lanzar de forma remota. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2025-1615", "lastModified": "2025-02-28T18:33:35.540", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "MULTIPLE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-02-24T04:15:08.933", "references": [{"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.296605"}, {"source": "cna@vuldb.com", "tags": ["VDB Entry", "Third Party Advisory"], "url": "https://vuldb.com/?id.296605"}, {"source": "cna@vuldb.com", "tags": ["VDB Entry", "Third Party Advisory"], "url": "https://vuldb.com/?submit.501408"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-94"}], "source": "cna@vuldb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}