CVE-2025-63354 — MEDIUM (4.8)

Vulnerability Description

Hitron HI3120 v7.2.4.5.2b1 allows stored XSS via the Parental Control option when creating a new filter. The device fails to properly handle inputs, allowing an attacker to inject and execute JavaScript.

CVSS Score

4.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Hitrontech	Hi3120 Firmware	7.2.4.5.2b1
Hitrontech	Hi3120	-

Related Weaknesses (CWE)

CWE-79

References

https://github.com/kakarotossj3/CVEs/blob/main/Hitron/XSSThird Party Advisory

FAQ

What is CVE-2025-63354?

CVE-2025-63354 is a vulnerability with a CVSS score of 4.8 (MEDIUM). Hitron HI3120 v7.2.4.5.2b1 allows stored XSS via the Parental Control option when creating a new filter. The device fails to properly handle inputs, allowing an attacker to inject and execute JavaScri...

How severe is CVE-2025-63354?

CVE-2025-63354 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-63354?

Check the references section above for vendor advisories and patch information. Affected products include: Hitrontech Hi3120 Firmware, Hitrontech Hi3120.