CVE-2025-70545
Stored XSS in PPC ONT 2K05X Router CGI Allows Remote Code Execution
Publication date: 2026-02-04
Last updated on: 2026-02-11
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| belden | ppc_2k05x_firmware | 1.1.9_206l |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-70545 is a stored cross-site scripting (XSS) vulnerability found in the web management interface of the PPC (Belden) ONT 2K05X router running firmware version v1.1.9_206L.

The vulnerability exists in the Common Gateway Interface (CGI) component, which improperly handles user-supplied input. This flaw allows a remote, unauthenticated attacker to inject arbitrary JavaScript code.

The malicious script is persistently stored by the backend and executed whenever the affected interface is accessed by a user, potentially compromising the security of the router's management interface. [1]
How can this vulnerability impact me?

This vulnerability can allow a remote attacker to inject and execute arbitrary JavaScript code in the context of the router's web management interface.

Because the script is stored persistently, any user accessing the affected interface may unknowingly execute malicious code, which can lead to session hijacking, unauthorized actions, or theft of sensitive information.

Since the attacker does not need to be authenticated, the risk of exploitation is higher, potentially compromising the security and integrity of the router and the network it manages. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a crafted HTTP request to the web management interface of the PPC (Belden) ONT 2K05X router, specifically targeting the "browserLang" parameter in the CGI component. If the parameter is improperly handled and stored, it indicates the presence of the vulnerability.

A practical approach is to use tools like curl or wget to send a request with a test JavaScript payload in the "browserLang" parameter and then check if the payload is stored and executed when accessing the interface.

- Example curl command to test injection: `curl -v --data "browserLang=<script>alert('XSS')</script>" http://[router-ip]/cgi-bin/[vulnerable-endpoint]`
- After sending the payload, access the router's web management interface via a browser and observe if the injected script executes (e.g., an alert popup). [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves enforcing strict input validation and output encoding within the CGI component of the router's web management interface.

Specifically, all user-supplied inputs, such as the "browserLang" parameter, must be properly sanitized before being stored or rendered to prevent script injection and execution.

Additionally, restricting access to the web management interface to trusted networks or users and monitoring for suspicious HTTP requests can help reduce the risk of exploitation. [1]
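
The validation, output encoding and request monitoring described above, as an added Python example that is not part of the advisory or the vendor's firmware. The language-tag pattern, the tab-separated record layout and the `/cgi-bin/placeholder` path are assumptions, and the sample records are constructed.

```python
import html
import re
from urllib.parse import parse_qs

# Allow-list: short language tags such as "en", "pt-BR", "zh-Hans-CN".
# Assumption: the interface only ever needs values of this shape.
LANG_TAG = re.compile(r"[A-Za-z]{2,3}(?:-[A-Za-z0-9]{2,8}){0,2}")


def valid_browser_lang(value: str) -> bool:
    """True only when the whole value is a short language tag."""
    return LANG_TAG.fullmatch(value) is not None


def render_lang(value: str, default: str = "en") -> str:
    """Value safe to store and place in HTML: validated first, then encoded."""
    chosen = value if valid_browser_lang(value) else default
    return html.escape(chosen, quote=True)


def flag_requests(records):
    """Return (source, path, decoded value) for each browserLang that fails the allow-list."""
    hits = []
    for record in records:
        source, _method, path, body = record.rstrip("\n").split("\t", 3)
        params = parse_qs(body, keep_blank_values=True)  # URL-decodes the form body
        for value in params.get("browserLang", []):
            if not valid_browser_lang(value):
                hits.append((source, path, value))
    return hits


# Constructed sample records (tab-separated: source, method, path, form body).
# The path is a placeholder; the advisory does not name the endpoint.
SAMPLE_RECORDS = [
    "192.0.2.10\tPOST\t/cgi-bin/placeholder\tbrowserLang=en",
    "192.0.2.11\tPOST\t/cgi-bin/placeholder\tbrowserLang=pt-BR&x=1",
    "198.51.100.7\tPOST\t/cgi-bin/placeholder\t"
    "browserLang=%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3E",
    "198.51.100.8\tPOST\t/cgi-bin/placeholder\tbrowserLang=english+please",
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_RECORDS):
        print(hit)
```

Matching on the decoded value against an allow-list, rather than searching for `<script>`, also flags values that are merely malformed, which keeps the check independent of any particular payload.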