CVE-2019-25282
Unknown Unknown - Not Provided
Open Redirect Vulnerability in V-SOL GPON/EPON OLT Platform

Publication date: 2026-01-08

Last updated on: 2026-01-08

Assigner: VulnCheck

Description
V-SOL GPON/EPON OLT Platform v2.03 contains an open redirect vulnerability in the script that allows attackers to manipulate the 'parent' GET parameter. Attackers can craft malicious links that redirect logged-in users to arbitrary websites by exploiting improper input validation in the redirect mechanism.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-08
Last Modified
2026-01-08
Generated
2026-06-16
AI Q&A
2026-01-08
EPSS Evaluated
2026-06-14
NVD
CVE-2019-25282
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
guangzhou_v-solution_electronic_technology olt_platform 2.03
guangzhou_v-solution_electronic_technology olt_platform From 2.03.24 (inc) to 2.03.62R_IPv6 (inc)
guangzhou_v-solution_electronic_technology olt_platform From 1.4 (inc) to 1.8.6 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an open redirect issue in the V-SOL GPON/EPON OLT Platform version 2.03. It occurs because the 'parent' GET parameter in the 'bindProfile.html' script is not properly validated. Attackers can craft malicious URLs that, when clicked by logged-in users on the trusted domain, redirect them to arbitrary external websites. This happens due to improper input validation in the redirect mechanism. [1, 2]

Impact Analysis

The vulnerability allows attackers to redirect logged-in users to arbitrary external websites by exploiting the open redirect flaw. This can lead to phishing attacks, where users are tricked into visiting malicious sites, potentially resulting in credential theft, malware infection, or other security risks. Since the redirect happens on a trusted domain, users may be more likely to trust the malicious link. [1, 2]

Detection Guidance

This vulnerability can be detected by checking for the presence of the 'bindProfile.html' script on the V-SOL GPON/EPON OLT Platform version 2.03 and testing if the 'parent' GET parameter is improperly validated, allowing open redirects. You can attempt to access URLs on the device that include the 'parent' parameter with an external URL to see if redirection occurs. For example, using curl or wget commands to request URLs like: curl -I "http://<device-ip>/bindProfile.html?parent=http://malicious-site.com" and observe if the response redirects to the external site. Monitoring web server logs for suspicious requests containing the 'parent' parameter with external URLs can also help detect exploitation attempts. [1, 2]

Mitigation Strategies

Immediate mitigation steps include restricting access to the affected 'bindProfile.html' script to trusted users only, implementing network-level controls such as firewall rules to limit access to the management interface, and educating users to avoid clicking on suspicious links. Since no vendor patch or fix information is provided, consider disabling or restricting the vulnerable functionality if possible. Monitoring for exploitation attempts and applying web application firewall (WAF) rules to block malicious 'parent' parameter values can also help reduce risk. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25282. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart